NIST, NSA Tackle Privilege Management

Privilege Management Seen as Key Component of Access Management Framework

A group of experts assembled by the National Institute of Standards and Technology and National Security Agency has reached a consensus on the definition of the term privilege management, which describes a set of processes for managing the data, attributes and policies in particular that determine a user's access rights to a system.

This definition aligns with the Federal Identity, Credential and Access Management definition of privilege management, and firmly establishes privilege management as one component of the wider access management framework.

NIST has issued two new interagency reports on privilege management that saw their genesis in the first Privilege Management Workshop held last September by NIST and the NSA.

NIST Interagency Report 7665 is a synopsis of those proceedings. NIST IR 7657 is a report based on the workshop and additional comments NIST solicited last November from the public.

The workshop, and subsequent interagency reports, covered standards, definitions and terms; models and frameworks; state of technology and research agenda; and policies and requirements.

According to the second interagency report:

"The central topic of the workshop turned out to be attribute and policy management. Whether attribute and policy management should be called 'privilege management' is an open question at this point."

The report notes that the interagency report and the Federal Identity, Credential and Access Management subcommittee of the Federal Chief Information Officers Council have varying definitions of privilege management in the area of identity, credential and access management. The FICAM definition views privilege management as a governance and business process; the interagency report definition focuses on computer-based management of attributes and policies.

"It remains for future deliberations, such as a follow-on workshop, to examine the issues involved and resolve the questions."



