U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Computer Security Resource Center

Computer Security Resource Center

Projects Role Based Access Control

Role Based Access Control RBAC

Publications

The following NIST-authored publications are directly related to this project.

Series & Number Title Status Released
Journal Article Role Engineering: Methods and Standards Final 12/08/2011
Journal Article Adding Attributes to Role-Based Access Control Final 06/01/2010
Journal Article RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role Based Access Control" Final 12/12/2007
Book Role-Based Access Control (2nd ed.) Final 01/31/2007
Book Role-Based Access Control (1st ed.) Final 01/01/2003
White Paper The Economic Impact of Role-Based Access Control Final 03/01/2002
Conference Proceedings The NIST Model for Role-Based Access Control: Towards a Unified Standard Final 07/26/2000
Conference Proceedings Supporting Relationships in Access Control Using Role Based Access Control Final 10/29/1999
Journal Article A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet Final 02/01/1999
Conference Proceedings Role-Based Access Control for the Web Final 10/29/1998
Conference Proceedings Role Based Access Control on MLS Systems Without Kernel Changes Final 10/23/1998
Conference Proceedings Role-Based Access Control Features in Commercial Database Management Systems Final 10/09/1998
Conference Proceedings Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management Final 10/01/1998
NISTIR 6192 A Revised Model for Role Based Access Control Final 07/09/1998
Conference Proceedings Comparing Simple Role Based Access Control Models and Access Control Lists Final 11/07/1997
Conference Proceedings Role Based Access Control for the World Wide Web Final 10/10/1997
NISTIR 5820 Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications Final 04/01/1996
Conference Proceedings Role-Based Access Control (RBAC): Features and Motivations Final 12/15/1995
Conference Proceedings Implementing Role-Based Access Control Using Object Technology Final 12/01/1995
ITL Bulletin An Introduction to Role-Based Access Control Withdrawn 12/01/1995
Conference Proceedings Role-Based Access Controls Final 10/13/1992

Contacts

RBAC Inquiries
rbac-info@nist.gov

David Ferraiolo
david.ferraiolo@nist.gov

Rick Kuhn
d.kuhn@nist.gov
(301) 975-3337

Ramaswamy "Mouli" Chandramouli
mouli@nist.gov
301-975-5013

Topics

Security and Privacy: access control

Created November 21, 2016, Updated June 22, 2020