The ABAC Advantage According to NIST – What the Guidelines and the Users Have to Say

In this webinar we will discuss the ABAC advantage according to the National Institute for Standards and Technology (NIST).

In 1992 the US National Institute of Standards and Technology (NIST) published a paper on Role Based Access Control (RBAC). For years to come RBAC remained the predominant model for access control and the NIST publications on this topic most certainly influenced this development.

By and by, the limitations of RBAC became more apparent and NIST researchers and analysts have looked at alternatives. In 2009 the Federal Chief Information Officers Council (Federal CIO Council) published its Federal Identity, Credential, and Access Management (FICAM) roadmap and implementation plan with ABAC as the recommended model for access control. The NIST Special Publication 800-162 with guidelines for ABAC broadly discusses the advantages of a shift to ABAC.

In this webinar we will look at the NIST recommendations in the light of our own and our customers’ implementations experiences.

The webinar will cover:

  • The key ABAC advantages according to NIST
  • How they compare with customer experiences
  • How your organization can take advantage of them



Other Resources

The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics are making a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.
ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.
Taking an identity-centric approach to a modern security architecture
Federal agencies invest heavily in protecting data from external threat actors, but the insider threat problem requires a new approach to access control. While protecting data is paramount, that requirement must be balanced with the need to share certain information across a variety of use case scenarios within and across agencies/departments.