Security Standard ANSI INCITS 359-2004 for Role Based Access Control (RBAC)
INCITS Announces New Standard for Role Based Access Control
First-of-its-kind Cyber Security Standard Supports Commercial and Homeland Security Applications
April 02, 2004. Washington, DC, USA.
The InterNational Committee for Information Technology Standards (INCITS) today announced that the Role Based Access Control (RBAC) standard has been approved by the American National Standards Institute (ANSI). The standard is designated as ANSI INCITS 359-2004, American National Standard for Information Technology — Role Based Access Control, and can be purchased through the INCITS Web site:
Role Based Access Control has become the predominant model for advanced access control because it reduces the complexity and cost of security administration in large networked applications. Many information technology vendors have incorporated RBAC into their product line, and the technology is finding applications in areas ranging from health care to defense, in addition to the mainstream commerce systems for which it was designed. The National Institute of Standards and Technology (NIST) initiated the development of the standard via the INCITS fast track process.
This standard describes RBAC features that have achieved acceptance in the commercial marketplace. It includes a reference model and functional specifications for the RBAC features defined in the reference model. It is intended for:
- software engineers and product development managers who design products incorporating access control features
- managers and procurement officials who seek to acquire computer security products with features that provide access control capabilities based on commonly known and understood terminology and functional specifications
"The standard provides users and vendors of information technology products with a coherent and uniform definition of RBAC features and we anticipate that this first ever RBAC standard can serve as the basis for further international standardization of RBAC by INCITS," explained Susan Zevin, Acting Director of the Information Technology Laboratory at the National Institute for Standards and Technology (NIST).
"This RBAC standard is structured so that RBAC profiles could be developed for specific applications, such as the protection of critical infrastructure, and we welcome all interested parties to join INCITS to further progress RBAC standardization," said Karen Higginbottom, INCITS Executive Board Chair and Director of Standards Initiatives in Hewlett-Packard's Office of Strategy and Technology. The new RBAC standard is already being used by the Organization for the Advancement of Structured Information Standards (OASIS) to define RBAC building blocks for web services using the popular XML language.
Ed Reed, the Security Tzar at Novell, said, "Novell welcomes the publication of this standard. We look forward to the widespread industry adoption of RBAC as a standard in applications and infrastructure services that this will encourage."
More information on RBAC can be found on the NIST Computer Security Resource Center Web site at:
The InterNational Committee for Information Technology Standards (INCITS) is the primary U.S. focus of standardization in the field of Information and Communications Technology (ICT) encompassing storage, processing, transfer, display, management, organization, and retrieval of information. As such, INCITS also serves as the American National Standards Institute's (ANSI) Technical Advisory Group for ISO/IEC Joint Technical Committee 1. JTC 1 is responsible for International standardization in the field of information technology. INCITS is accredited by ANSI and operates under its rules, designed to ensure that voluntary standards are developed by the consensus of directly and materially affected interests. Contact: INCITS Secretariat, Information Technology Industry Council, 1250 Eye St. NW, Suite 200, Washington, DC 20005. WWW: www.incits.org.
As a non-regulatory agency of the U.S. Department of Commerce's Technology Administration, NIST develops and promotes measurements, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. The NIST web site is www.nist.gov.
Tel: +1 (202) 626-5725
Prepared by Robin Cover for The XML Cover Pages archive. See details in the news story "INCITS Announces ANSI's Approval of Role Based Access Control (RBAC) Security Standard."