Identity & access management
Access control is a process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).
NIST has been a leader in the development of various access control techniques, such as role-based access control (RBAC) and attribute based access control (ABAC). Cloud computing and data center technologies can control access to information and data services using an underlying access control framework such as the Policy Machine.
Standards, guidelines, reference implementations and validation programs related to Personal Identity Verification (PIV) of federal employees and contractors are critical for securing access to computing devices and physical facilities.