Term · 14. International Standards

NIST RBAC

Term from Standard Source: NIST RBAC (INCITS 359)

Definition

NIST RBAC Standard — INCITS 359-2012 (Role-Based Access Control). Defines four RBAC variants: Flat RBAC (basic roles and users), Hierarchical RBAC (role inheritance), Constrained RBAC (separation-of-duty, or SoD, policies), and Symmetric RBAC (review queries). De facto international standard for RBAC implementations.

Synonyms
  • NIST RBAC (INCITS 359)
Application
Foundation for most enterprise IAM RBAC implementations. Referenced in NIST SP 800-53 and NIST SP 800-162 (ABAC). Modern IGA platforms (SailPoint, Saviynt, Microsoft Entra) implement the Constrained RBAC and Hierarchical RBAC variants.
Standards & regulations
  • INCITS 359-2012 «This standard consists of two main parts the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The RBAC Reference Model defines sets of basic RBAC elements (i.e., u»
  • ANSI/INCITS 359-2004 «The NIST model for RBAC was adopted as American National Standard 359-2004 by the American National Standards Institute, International Committee for Information Technology Standards (ANSI/INCITS) on F»