How NIST is Approaching Attribute Based Access Control (ABAC) and Why It Works
NCCoE cybersecurity engineer, Bill Fisher, will discuss how ABAC enables organizations to take into account contextual factors when managing identity and access control, allowing for more granular analysis and therefore better access decisions.
Hosted by NCCoE partner, NextLabs, the webinar will explore why ABAC is becoming a priority for many organizations and how it can be implemented to reduce the risk of cyber breaches and internal misuse of sensitive information.
Date: Tuesday, April 5, 2016
Time: 12:00 p.m. ET - 1:00 p.m. ET
Federal Labs Technology Demonstrations and Discussions
NCCoE Security Engineer Bill Fisher will present "ABAC: Run-time Access Control for Federated Identities" during the NIST session from 8:30am-12:00pm at the Federal Labs Technology Demonstrations and Discussions in College Park, Md.
RSA Conference 2016
The NCCoE will be participating with NIST at the RSA Conference 2016 at Moscone Center in San Francisco, CA.
5 ways the U.S. government can get security right
A survey this spring of 1,800 federal information security professionals revealed that the government’s security posture hasn’t improved over the past two years. So, what should the U.S. government do to tackle this problem head on?
For instance, the National Cybersecurity Center of Excellence released a guide for controlling user access to systems based not on role or job title but on user attributes, such as certifications, IP address, group, employee status, etc. This will make it easier for IT departments to terminate network access instantly for the thousands of employees who leave the payrolls every year.
Ping Identity and NIST Collaborate on Guide to Implementing Attribute Based Access Control
As an organization, we've put a stake in the ground on re-framing the way enterprises approach security by placing identity at the center of that framework. We're constantly thinking about how we can better equip our customers with the tools and knowledge they need to embrace the shift to this approach, which we call Identity Defined Security.
To that end, we recently teamed up with National Cybersecurity Center for Excellence (NCCoE) at the National Institute of Standards and Technology to develop a practical resource for identity and access management.
NIST cybersecurity guide on attribute-based access control
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence on Sept. 30, 2015, released this report to help organizations to secure and control access to information systems.
NIST Requests Feedback on Attribute-Based Access Control System Draft Guide
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has started to seek public comments on a draft guide for the implementation of an attribute-based access control system.
ABAC systems work to help corporate and public organizations manage an individual’s access rights to data networks and related systems based on the user’s certification, title, training and other attributes, NIST said Wednesday.
NIST issues draft guide for managing attribute-based access to IT systems
In what NIST has dubbed a "practice guide," agencies have information to help them recreate an example solution, which is based on commercial technologies and references NIST standards and industry best practices.
The guide comes out of a public-private partnership called the National Cybersecurity Center of Excellence.
NIST Releases Draft Guidance on Improving Data Security
The National Institute of Standards and Technology (NIST) recently published draft guidance on how organizations can improve their approach to data security.
The guide discusses how using an attribute based access control (ABAC) system could be more flexible and efficient, and also why this approach may be preferred over using a role-based access control (RBAC) system. The National Cybersecurity Center of Excellence (NCCoE) is currently accepting comments on the draft, a NIST release stated.
NIST Seeks Comments on Guidance for Protecting Access to Information Systems
As part of its efforts to provide practical solutions to real-world cybersecurity challenges, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is requesting comments on a draft guidance to help organizations better control access to information systems.
I'm more than just my job!
Today, we’re witnessing a big step forward in this effort. The National Cybersecurity Center of Excellence (NCCoE) – part of the Federal government’s National Institute of Standards and Technology (NIST) – is releasing a draft NIST Cybersecurity Practice Guide SP 1800-3, demonstrating the use of Attribute Based Access Control (ABAC).
NIST Cyber Center Wants Industry Aid for IT Access Control Projects
The Maryland-based National Cybersecurity Center of Excellence is searching for industry sources to develop a cybersecurity system intended to help control access to information technology assets.
Contractors would design three projects around access control, personal identity verification credentials and mobile devices, theNational Institute of Standards and Technology said Friday.
Center Seeks Collaborators for Access Control, Derived PIV Credentials, and Mobile Device Security
Today's Federal Register contains notices inviting technology vendors to collaborate with the NCCoE on three new projects to provide mobile device security, attribute based access control, and derived personal identity verification (PIV) credentials for mobile devices. Commercially available and open source products will be the modules in end-to-end example solutions to these challenges. All collaborators will enter into a Cooperative Research and Development Agreement (CRADA; see an example) with NIST in order to participate in a consortium for each build team. The projects will result in NIST Cybersecurity Practice Guides that show organizations how they can adopt these or similar capabilities.
NCCoE Seeks Comments on Access Control Building Block
NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted a revised draft white paper that will inform projects aimed at helping companies better manage who has access to their IT assets. This project is an NCCoE “building block,” which are example cybersecurity implementations that apply to multiple industry sectors and can be incorporated into many of the center's sector-specific use cases.
NCCoE Launches Building Blocks for Access Control and Mobile Devices
NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations develop capabilities for attribute based access control, the other to help enterprises address security issues that result from the use of mobile devices to access company resources. The NCCoE invites the public to comment on the draft documents. The comment period is open until March 28, 2014.