This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Access control mechanisms control which users or processes have access to which resources in a system. Access control policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of access control policies is a very challenging problem. This problem becomes increasingly severe as a system becomes more and more complex, and is deployed to manage a large amount of sensitive or private information and resources.
To provide high security confidence levels for the nation’s critical IT infrastructure, it is important to provide a tool, which can thoroughly and automatically check the syntactic and semantic faults of AC policies before deploying them for operation. NIST’s effort of developing the tool – Access Control Policy Tool (ACPT) – provides:
Through the four major functions, ACPT performs all the syntactic and semantic verifications as well as the interface for composing and combining AC rules for AC policies; ACPT assures the efficiency of specified AC policies, and eliminates the possibility of making faulty AC policies that leak the privacy information or prohibit legitimate information sharing. NIST has developed this tool, because so far, there is no project or research similar to the ACPT. NIST has significant experience and has great success in developing and transferring access control technologies. In regard to cyber security, privacy, and information sharing, access control is one of the crucial elements in protecting the nation’s critical IT infrastructures for healthcare, transportation, financial, power grids, military, intelligence, and safety systems, etc. It is essential to have measurement technology such as ACPT for access control policy administrators and authors to ensure the safety and flexibility in composing and combining their access control policies. Thus, the developing of ACPT meets the mission of the Computer Security Division, according to the Federal Information Security Management Act of 2002 (FISMA). Introduction of ACPT slides can be downloaded in the Reference Section below.
ACPT is currently available as a prototype system; it contains model templates for three major access control policies: static Attribute-Based access control, Multi-Leveled Security, and stated Work-Flow. New and improved features will be added for the future versions. To learn more about ACPT please review these presentation slides. NIST welcomes joint effort in developing ACPT, please contact the project lead listed in the Contacts for further information.
The Access Control Policy Tool (ACPT) is developed by NIST Computer Security Division and North Carolina State University, and is sponsored by the Director of National Intelligence. Click here to learn how to obtain the Beta Release tool.
Security and Privacy: access control, threats
Technologies: cloud & virtualization, mobile
Applications: communications & wireless