1NISTSpecialPublication800-162GuidetoAttributeBasedAccessControl(ABAC)DefinitionandConsiderations基于属性的访问控制(ABAC)定义和注意事项指南2AuthorityThispublicationhasbeendevelopedbyNISTtofurtheritsstatutoryresponsibilitiesundertheFederalInformationSecurityManagementAct(FISMA),PublicLaw(P.L.)107-347.NISTisresponsiblefordevelopinginformationsecuritystandardsandguidelines,includingminimumrequirementsforFederalinformationsystems,butsuchstandardsandguidelinesshallnotapplytonationalsecuritysystemswithouttheexpressapprovalofappropriateFederalofficialsexercisingpolicyauthorityoversuchsystems.ThisguidelineisconsistentwiththerequirementsoftheOfficeofManagementandBudget(OMB)CircularA-130,Section8b(3),SecuringAgencyInformationSystems,asanalyzedinCircularA-130,AppendixIV:AnalysisofKeySections.SupplementalinformationisprovidedinCircularA-130,AppendixIII,SecurityofFederalAutomatedInformationResources.本出版物由NIST制定,旨在进一步履行其在《联邦信息安全管理法》(FISMA)、《公法》(P.L.)107-347项下的法定职责。NIST负责制定信息安全标准和指南,包括联邦信息系统的最低要求,但未经对此类系统行使政策权力的适当联邦官员明确批准,此类标准和指南不得适用于国家安全系统。本指南符合管理和预算办公室(OMB)A-130号通告第8b(3)节“确保机构信息系统安全”的要求,如A-130号通告附录四“关键章节分析”所述。补充信息见A-130号通告,附录三,联邦自动化信息资源安全。NothinginthispublicationshouldbetakentocontradictthestandardsandguidelinesmademandatoryandbindingonFederalagenciesbytheSecretaryofCommerceunderstatutoryauthority.NorshouldtheseguidelinesbeinterpretedasalteringorsupersedingtheexistingauthoritiesoftheSecretaryofCommerce,DirectoroftheOMB,oranyotherFederalofficial.ThispublicationmaybeusedbynongovernmentalorganizationsonavoluntarybasisandisnotsubjecttocopyrightintheUnitedStates.Attributionwould,however,beappreciatedbyNIST.本出版物中的任何内容都不应视为与商务部长根据法定权限制定的对联邦机构具有强制性和约束力的标准和指南相抵触。这些准则也不应被解释为改变或取代现任商务部长、OMB主任或任何其他联邦官员。本出版物可由非政府组织自愿使用,在美国不受版权保护。然而,NIST会很感激这种归属。NationalInstituteofStandardsandTechnologySpecialPublication800-162Natl.Inst.Stand.Technol.Spec.Publ.800-162,47pages(January2014)CODEN:NSPUE2Thispublicationisavailablefreeofchargefrom:https://doi.org/10.6028/NIST.SP.800-1623Certaincommercialentities,equipment,ormaterialsmaybeidentifiedinthisdocumentinordertodescribeanexperimentalprocedureorconceptadequately.SuchidentificationisnotintendedtoimplyrecommendationorendorsementbyNIST,norisitintendedtoimplythattheentities,materials,orequipmentarenecessarilythebestavailableforthepurpose.TheremaybereferencesinthispublicationtootherpublicationscurrentlyunderdevelopmentbyNISTinaccordancewithitsassignedstatutoryresponsibilities.Theinformationinthispublication,includingconceptsandmethodologies,maybeusedbyFederalagenciesevenbeforethecompletionofsuchcompanionpublications.Thus,untileachpublicationiscompleted,currentrequirements,guidelines,andprocedures,wheretheyexist,remainoperative.Forplanningandtransitionpurposes,FederalagenciesmaywishtocloselyfollowthedevelopmentofthesenewpublicationsbyNIST.OrganizationsareencouragedtoreviewalldraftpublicationsduringpubliccommentperiodsandprovidefeedbacktoNIST.AllNISTComputerSecurityDivisionpublications,otherthantheonesnotedabove,areavailableathttps://csrc.nist.gov...
