Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Policy Machine and Next Generation Access Control

To solve the interoperability and policy enforcement problems of today’s access control approaches, NIST has developed a specification and open source reference implementation, of an authorization system, referred to as the Policy Machine (PM). The PM has evolved from a concept to a formal specification, to a reference implementation and open source distribution. The PM is designed in support of, and in alignment with a NIST led American National Standards Institute/International Committee for Information Technology Standards (ANSI/INCITS) standard under the title of Next Generation Access Control (NGAC). The PM/NGAC is a fundamental reworking of traditional access control into a form suited to the needs of the modern, distributed, interconnected enterprise. The PM/NGAC is being used as the basis for a growing number of commercial and academic product offerings and as the foundation for several dissertations.

For more information visit our CSRC website at:

Created February 7, 2020