News and Events

How NIST is Approaching Attribute Based Access Control (ABAC) and Why It Works

April 04, 2016

NCCoE cybersecurity engineer, Bill Fisher, will discuss how ABAC enables organizations to take into account contextual factors when managing identity and access control, allowing for more granular analysis and therefore better access decisions. 

Hosted by NCCoE partner, NextLabs, the webinar will explore why ABAC is becoming a priority for many organizations and how it can be implemented to reduce the risk of cyber breaches and internal misuse of sensitive information. 

Details
Date: Tuesday, April 5, 2016
Time: 12:00 p.m. ET - 1:00 p.m. ET

Federal Labs Technology Demonstrations and Discussions

March 29, 2016

NCCoE Security Engineer Bill Fisher will present "ABAC: Run-time Access Control for Federated Identities" during the NIST session from 8:30am-12:00pm at the Federal Labs Technology Demonstrations and Discussions in College Park, Md.

RSA Conference 2016

February 28, 2016

The NCCoE will be participating with NIST at the RSA Conference 2016 at Moscone Center in San Francisco, CA.

5 ways the U.S. government can get security right

November 22, 2015

A survey this spring of 1,800 federal information security professionals revealed that the government’s security posture hasn’t improved over the past two years. So, what should the U.S. government do to tackle this problem head on?

For instance, the National Cybersecurity Center of Excellence released a guide for controlling user access to systems based not on role or job title but on user attributes, such as certifications, IP address, group, employee status, etc. This will make it easier for IT departments to terminate network access instantly for the thousands of employees who leave the payrolls every year.

Ping Identity and NIST Collaborate on Guide to Implementing Attribute Based Access Control

October 29, 2015

As an organization, we've put a stake in the ground on re-framing the way enterprises approach security by placing identity at the center of that framework. We're constantly thinking about how we can better equip our customers with the tools and knowledge they need to embrace the shift to this approach, which we call Identity Defined Security.

To that end, we recently teamed up with National Cybersecurity Center for Excellence (NCCoE) at the National Institute of Standards and Technology to develop a practical resource for identity and access management.

NIST cybersecurity guide on attribute-based access control

October 06, 2015

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence on Sept. 30, 2015, released this report to help organizations to secure and control access to information systems.

NIST Requests Feedback on Attribute-Based Access Control System Draft Guide

October 01, 2015
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has started to seek public comments on a draft guide for the implementation of an attribute-based access control system.
 
ABAC systems work to help corporate and public organizations manage an individual’s access rights to data networks and related systems based on the user’s certification, title, training and other attributes, NIST said Wednesday.

NIST Releases Draft Guidance on Improving Data Security

September 30, 2015

The National Institute of Standards and Technology (NIST) recently published draft guidance on how organizations can improve their approach to data security.

The guide discusses how using an attribute based access control (ABAC) system could be more flexible and efficient, and also why this approach may be preferred over using a role-based access control (RBAC) system. The National Cybersecurity Center of Excellence (NCCoE) is currently accepting comments on the draft, a NIST release stated.

NIST issues draft guide for managing attribute-based access to IT systems

September 30, 2015
In what NIST has dubbed a "practice guide," agencies have information to help them recreate an example solution, which is based on commercial technologies and references NIST standards and industry best practices.
 
The guide comes out of a public-private partnership called the National Cybersecurity Center of Excellence.

NIST Seeks Comments on Guidance for Protecting Access to Information Systems

September 29, 2015

As part of its efforts to provide practical solutions to real-world cybersecurity challenges, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is requesting comments on a draft guidance to help organizations better control access to information systems.

I'm more than just my job!

September 28, 2015
Today, we’re witnessing a big step forward in this effort. The National Cybersecurity Center of Excellence (NCCoE) – part of the Federal government’s National Institute of Standards and Technology (NIST) – is releasing a draft NIST Cybersecurity Practice Guide SP 1800-3, demonstrating the use of Attribute Based Access Control (ABAC).
 

NCCoE Launches Building Blocks for Access Control and Mobile Devices

February 24, 2014

NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations develop capabilities for attribute based access control, the other to help enterprises address security issues that result from the use of mobile devices to access company resources. The NCCoE invites the public to comment on the draft documents. The comment period is open until March 28, 2014.