NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
RBAC book cover RBAC book "A must read."
Review from IEEE Computer Society, Security & Privacy

"Overall, this is a great book."
Linux Journal
Image of Gold Medal 2002 Gold Medal for Scientific/ Engineering Achievement - US Department
Multi Colored arrow pointing up 1998 Excellence in Technology Transfer Award - Federal Laboratory Consortium
Globe 1998 Best Paper - Nat Inf Systems Security Conf

RBAC case studies

This section provides links to a number of RBAC case studies and experience reports, which may be useful in planning for RBAC implementations. We will add to this collection as more reports become available. (Please note that the authors and organizations below are not affiliated with NIST or any other agency of the US Government, unless otherwise noted, and NIST cannot endorse or comment on these publications.)  For comments or suggestions on this collection, contact Rick Kuhn at kuhn@nist.gov.   [updated 30 Jan 08]


Back to Top

Health Care


Back to Top

Government and Military Applications

  • US Navy COMPACFLT Enterprise Dynamic Access Control- The EDAC accommodates complex and scalable access control situations many government and civilian organizations are experiencing when managing resource access.
  • State of Nebraska E-Government - role based access in a distributed Linux-based system "to expand and improve its e-government services, while reducing taxpayer cost."
  • West Yorkshire Police Case Study - RBAC "solution to automate the administration of users acrossapplications and directories and provide access, based on role and HR information."
  • Brevard County Florida (Video - WMV format) - integration of biometric ID with access control; HIPAA compliance 
  • Maritime Domain Awareness - RBAC for shared situational awareness among military, intelligence, and law enforcement in a maritime domain
  • North Korean nuclear proliferation - using distributed RBAC to prevent enumeration of misuse cases that could identify weaknesses in coalition information sharing
  • Separation of duties in the Austrian "eLaw" process - workflow and SoD for the Austrian legislature 
  • e-government in Finalnd - Finnish Social Insurance institution
Back to Top

Banking and Finance


Back to Top

IT Infrastructure


Back to Top