NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
RBAC Book icon
RBAC book
"A must read."
Review from IEEE Computer Society, Security & Privacy
"Overall, this is a great book."
Linux Journal
Image of Gold Medal 2002 Gold Medal for Scientific/ Engineering Achievement - US Department
Multi Colored arrow pointing up 1998 Excellence in Technology Transfer Award - Federal Laboratory Consortium
Globe 1998 Best Paper - Nat Inf Systems Security Conf

RBAC & Sarbanes-Oxley Compliance

The Sarbanes-Oxley Act establishes a set of requirements for financial systems, to deter fraud and increase corporate accountability. For information technology systems, regulators may need to know who used a system, when they logged in and out, what accesses or modifications were made to what files, and what authorizations were in effect. IT vendors responding to Sarbanes-Oxley requirements have adopted RBAC as central to compliance solutions because RBAC was designed to solve this type of problem.