Accession Number PB2012-114863
Title Guidelines for Access Control System Evaluation Metrics.
Publication Date Sep 2012
Media Count 49p
Personal Author K. Scarfone V. C. Hu
Abstract Nearly all applications include some form of access control (AC). AC is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. AC systems come with a wide variety of features and administrative capabilities, and their operational impact can be significant. In particular, this impact can pertain to administrative and user productivity, as well as to the organizations ability to perform its mission. Therefore, it is reasonable to use quality metrics to verify the mechanical properties of AC systems. This document discusses the administration, enforcement, performance, and support properties of AC mechanisms that are embedded in each AC system. Because of the rigorous nature of the metrics and the knowledge needed to gather them, these metrics are intended to be used by AC experts who are evaluating the highest security AC systems.
Keywords Access control
Access control system evaluation
Information security
Metrics
Security metrics


 
Source Agency National Institute of Standards and Technology
NTIS Subject Category 94 - Industrial & Mechanical Engineering
70B - Management Practice
Corporate Author National Inst. of Standards and Technology (ITL), Gaithersburg, MD. Computer Security Div.
Document Type Technical report
Title Note N/A
NTIS Issue Number 1226
Contract Number N/A

Science and Technology Highlights

See a sampling of the latest scientific, technical and engineering information from NTIS in the NTIS Technical Reports Newsletter

Acrobat Reader Mobile    Acrobat Reader