- CSRC Home
- Projects / Research
- news & events
Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)
|"A must read."
Review from IEEE Computer Society, Security & Privacy
"Overall, this is a great book."
|2002 Gold Medal for Scientific/ Engineering Achievement - US Department|
|1998 Excellence in Technology Transfer Award - Federal Laboratory Consortium|
|1998 Best Paper - Nat Inf Systems Security Conf|
The Sarbanes-Oxley Act establishes a set of requirements for financial systems, to deter fraud and increase corporate accountability. For information technology systems, regulators may need to know who used a system, when they logged in and out, what accesses or modifications were made to what files, and what authorizations were in effect. IT vendors responding to Sarbanes-Oxley requirements have adopted RBAC as central to compliance solutions because RBAC was designed to solve this type of problem.