Interoperable systems cannot exist if they don’t speak the same language. The Program Manager – Information Sharing Environment (PM-ISE), in coordination with the Department of Homeland Security, completed a Digital Policy Management (DPM) Framework for Attribute-Based Access Control (ABAC), publicly available at ise.gov. The Framework provides a suggested conceptual structure intended to serve as a guide for developing systems, standards, and technologies that implement DPM functions for ABAC policies. The Framework includes DPM terminology, requirements, a reference architecture, and implementation considerations, and is intended for use as part of a holistic Identity, Credential and Access Management (ICAM) architecture.   

An ABAC implementation helps organizations enable the right individuals to access the right resources at the right time for the right reasons. In an ABAC environment, users (and other non-person subjects) are described by attributes (e.g., job function, organization, clearance), resources are described by tags (e.g., access requirements, handling restrictions), and access requests are decided using machine-readable digital policies based on those descriptions. Digital policies are based on organizational policies and are typically generated by a process that converts human-readable policies into machine-readable form. As such, a uniform means of managing digital policies is needed to help ensure that resource access decisions are consistent throughout an organization. Digital Policy Management is a means to centralize the generation, validation, and management of those digital policies.
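The model described above can be sketched as a validated, versioned policy store with a deny-by-default decision function. This is an added example, not code or a schema from the Framework; the class names, attribute and tag vocabulary, and clearance levels are assumptions chosen to mirror the examples in the text.

```python
from dataclasses import dataclass

# Constructed vocabulary; names follow the attribute and tag examples in the text.
CLEARANCES = ["public", "confidential", "secret"]
SUBJECT_ATTRS = {"job_function", "organization", "clearance"}
RESOURCE_TAGS = {"access_requirement", "handling_restriction"}

@dataclass(frozen=True)
class Policy:  # hypothetical machine-readable policy record
    policy_id: str
    version: int
    resource_tags: dict   # tag -> value the resource must carry
    subject_attrs: dict   # attribute -> set of accepted values
    min_clearance: str

def validate(policy):
    """Return a list of problems; an empty list means the policy may be published."""
    errors = [f"unknown tag: {t}" for t in policy.resource_tags if t not in RESOURCE_TAGS]
    errors += [f"unknown attribute: {a}" for a in policy.subject_attrs if a not in SUBJECT_ATTRS]
    if policy.min_clearance not in CLEARANCES:
        errors.append(f"unknown clearance: {policy.min_clearance}")
    return errors

class PolicyStore:
    """One managed policy set, so every decision point evaluates the same rules."""
    def __init__(self):
        self._policies = {}

    def publish(self, policy):
        # Validation and version control happen once, centrally, before any use.
        errors = validate(policy)
        current = self._policies.get(policy.policy_id)
        if current and policy.version <= current.version:
            errors.append("version must increase")
        if errors:
            raise ValueError("; ".join(errors))
        self._policies[policy.policy_id] = policy

    def decide(self, subject, resource):
        """Deny by default; permit only when one policy matches tags, attributes and clearance."""
        for p in self._policies.values():
            tags_ok = all(resource.get(t) == v for t, v in p.resource_tags.items())
            attrs_ok = all(subject.get(a) in ok for a, ok in p.subject_attrs.items())
            level = subject.get("clearance")
            cleared = level in CLEARANCES and CLEARANCES.index(level) >= CLEARANCES.index(p.min_clearance)
            if tags_ok and attrs_ok and cleared:
                return ("Permit", p.policy_id, p.version)
        return ("Deny", None, None)
```

Returning the policy id and version with each decision lets an audit trail show which revision of a policy produced it.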

The Digital Policy Management Framework for ABAC, when implemented, will allow an organization to manage the digital policies that control access to its resources in a timely and uniform manner throughout the organization as organizational policies change. Similar benefits will apply to a federation of organizations that adopt the Framework. Additionally, a common Framework for managing digital policies helps with operational transparency and trust among federation partners. Implementing the Framework will help foster information sharing and support organization-to-organization interoperability goals.

If you have questions or feedback about using this document, visit the Contact Us page on ISE.gov, or look through our ICAM-related website content.