U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NISTIR 8403 (Draft)

Blockchain for Access Control Systems

Date Published: December 20, 2021
Comments Due: February 7, 2022 (public comment period is CLOSED)
Email Questions to: ir8403-comments@nist.gov


Vincent Hu (NIST)


Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust–all major challenges for traditional mechanisms–has grown.

Blockchain technology offers high confidence and tamper resistance implemented in a distributed fashion without a central authority, which means that it can be a trustable alternative for enforcing access control policies. This document presents analyses of blockchain access control systems from the perspectives of properties, components, architectures, and model supports, as well as discussions on considerations for implementation.

NOTE:  A call for patent claims is included on page iv of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



access control; blockchain; authorization; ABAC; policy
Control Families

None selected


NISTIR 8403 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
12/20/21: NISTIR 8403 (Draft)
05/26/22: NISTIR 8403 (Final)


Security and Privacy
access authorization; access control