Role-Based Access Control: The NIST Solution

by Hazen Weber
Sept. 1, 2017 0 comments SANS Institute system administration

Today’s competitive environment often times requires that data be secured and access to that data be limited to the “minimum necessary”. Security models such as Mandatory Access Control and Discretionary Access Control have been the means by which to secure information and regulate access. But due to the inflexibility of these models, the rather new security concept of RoleBased Access Control (RBAC) as proposed by the National Institute of Standards and Technology (NIST) promises to become a more prominent security model in the near future. By decreasing rights administration efforts to role development and assignment, security and productivity can be both increased while greatly downplaying the “balance” effect of sacrificing one for the other.