ABAC systems work to help corporate and public organizations manage an individualâs access rights to data networks and related systems based on the userâs certification, title, training and other attributes, NIST said Wednesday.
âWe wanted to demonstrate to organizations how some of ABACâs fundamental capabilities can address their cybersecurity challenges,â said Bill Fisher, a security engineer at NCCoE and ABAC project lead.
The draft guidance discusses potential advantages and security risks associated with the adoption of an ABAC platform and how institutions can decide on various usersâ access rights to information networks through commercially available systems.
NISTâs NCCoE will accept feedback on the draft guide through Dec. 4.