Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Role Based Access Control RBAC

RBAC and Sarbanes-Oxley Compliance

The Sarbanes-Oxley Act establishes a set of requirements for financial systems, to deter fraud and increase corporate accountability.  For information technology systems, regulators may need to know who used a system, when they logged in and out, what accesses or modifications were made to what files, and what authorizations were in effect.  IT vendors responding to Sarbanes-Oxley (SOX) requirements have adopted RBAC as central to compliance solutions because RBAC was designed to solve this type of problem.


Contacts

RBAC Inquiries
rbac-info@nist.gov

David Ferraiolo
david.ferraiolo@nist.gov

Rick Kuhn
d.kuhn@nist.gov
(301) 975-3337

Ramaswamy Mouli Chandramouli
mouli@nist.gov
301-975-5013

Topics

Security and Privacy: access control

Created November 21, 2016, Updated June 22, 2020