Access Rights Management

Current Status

We are no longer accepting Letters of Interest from technology vendors as part of this project. Companies that have been selected to participate have signed a Cooperative Research and Development Agreement (CRADA; see an example) with NIST. We are now in the build phase of our project lifecycle and working on a draft SP 1800. 

If you have questions or suggestions, please email us at financial_nccoe@nist.gov. To receive announcements about additional milestones, sign up for our email alerts.

Summary

Some of the identity and access systems employed by the financial services sector are fragmented, incompatible, and operate in isolation from one another, making their operation complex and prone to errors and inconsistencies that can be exploited by attackers or insider threats. The financial services sector needs the ability to centrally issue, validate, and modify or revoke access rights for an entire enterprise based on easy-to-understand busines rules. This situation makes it difficult for enterprises to securely embrace new technologies such as mobile and cloud computing.

The goal of this use case is to demonstrate ways to link the management of existing disparate identity and access mechanisms and systems into a comprehensive identity and access management (IDAM) solution. This will enable financial sector entities to centrally issue, validate, and modify or revoke access rights for their entire enterprise based on easy-to-understand business rules.

Read our two-page fact sheet or download the full revised project description.

Collaborating Vendors

Alert Enterprise logo
HyTrust logo
NextLabs logo
Radiant Logic
Splunk logo
TDI Technologies logo
Vanguard logo

The technology vendors who participated in this project submitted their capabilities in response to a call in the Federal Register. Companies with relevant products were invited to sign a Cooperative Research and Development Agreement with NIST, allowing them to participate in a consortium to build this example solution.

 

Disclaimer: Certain commercial entities, equipment, products, or materials may be identified in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.