Computer Security Resource Center


NIST Released 2 Special Publications - Special Publication 800-178 and Special Publication 800-150
October 05, 2016

Special Publication 800-178, A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control (ABAC) standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing and enforcing vastly diverse access control policies on various types of data services. However, the two standards differ with respect to the manner in which access control policies are specified and implemented. This document describes XACML and NGAC, and then compares them with respect to five criteria. The goal of this publication is to help ABAC users and vendors make informed decisions when addressing future data service policy enforcement requirements. 
--AND-- 
 
Special Publication 800-150, Guide to Cyber Threat Information Sharing
NIST Announces the Release of Special Publication (SP) 800-150, Guide to Cyber Threat Information Sharing 
 
SP 800-150 provides guidelines for establishing, participating in, and maintaining cyber threat information sharing relationships. The publication describes the benefits and challenges of sharing, the importance of building trust, the handling of sensitive information, and the automated exchange of cyber threat information. The goal of the publication is to provide guidelines that help improve cybersecurity operations and risk management activities through safe and effective information sharing practices. The guide is intended for computer security incident response teams (CSIRTs), system and network administrators, security staff, privacy officers, technical support staff, chief information security officers (CISOs), chief information officers (CIOs), computer security program managers, and other stakeholders in cyber threat information sharing activities.

Created December 19, 2016, Updated May 22, 2017