NIST, NSA Tackle Privilege Management

Privilege Management Seen as Key Component of Access Management Framework A group of experts assembled by the National Institute of Standards and Technology and National Security Agency has reached a consensus on the definition of the term privilege management, which describes a set of processes for managing the data, attributes and policies in particular that determine a user's access rights to a system.

This definition aligns with the Federal Identity, Credential and Access Management definition of privilege management, and firmly establishes privilege management as one component of the wider access management framework.

NIST has issued two new interagency reports on privilege management that saw their genesis in the first Privilege Management Workshop held last September by NIST and the NSA.

NIST Interagency Report 7665 is a synopsis of those proceedings. NIST IR 7657 is a report based on the workshop and additional comments NIST solicited last November from the public.

The workshop, and subsequent interagency reports, covered standards, definitions and terms; models and frameworks; state of technology and research agenda; and policies and requirements.

According to the second interagency report:

"The central topic of the workshop turned out to be attribute and policy management. Whether attribute and policy management should be called 'privilege management' is an open question at this point."

The report notes the interagency report and the Federal Identity, Credential and Access Management subcommittee of the Federal Chief Information Officers Council have varying definitions of privilege management in the area of identity, credential and access management. The FICAM definition views privilege management as a governance and business process; the interagency report definition focuses on computer-based management of attributes and policies.

"It remains for future deliberations, such as a follow-on workshop, to examine the issues involved and resolve the questions."

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.