Navigate to content

INCITS Forms New Task Group for Role-Based Access Control Standards


CONTACT: Gabrielle Gellinas
(202) 626-5736 or

INCITS Forms New Task Group for Role-Based Access Control Standards

Washington, DC – November 1, 2005 – The InterNational Committee for Information Technology Standards (INCITS) Cyber Security Technical Committee (CS1) has established a Task Group to develop implementation requirements for applications to use Role-Based Access Control (RBAC).

With RBAC, security permissions are managed by first assigning permissions to roles (e.g., Doctor, Nurse) and then assigning users to those roles. The initial goal of the INCITS RBAC Task Group will be to develop a set of implementation requirements for applications such as
financial services, health care, or manufacturing, based on the RBAC standard (INCITS 359-2004). This work is intended to promote interoperability among organizations employing RBAC as an access control model. The new INCITS CS1.1 task group will be responsible for the technical development of all RBAC related projects within CS1.

“Providing a forum where RBAC subject experts can focus exclusively on RBAC projects is the most efficient and effective way to progress such work,” said Rick Kuhn of the Computer Security Division at the National Institute of Standards and Technology (NIST).

“Existing and new markets for RBAC systems should benefit from the enhanced interoperability that this new standard will enable”, explained Dr. Shashi Phoha, Director of NIST’s Information Technology Laboratory.

Daniel Benigni, INCITS CS1 chair, invites participation in this standards development effort. To participate or to obtain additional details, please contact Daniel Benigni,, or the INCITS CS1.1 RBAC Task Group Chair, Ed Coyne,

More information is available on the CS1 web site: or the NIST RBAC web site:

The mission of the InterNational Committee for Information Technology Standards (INCITS) is to promote the effective use of Information and Communication Technology through standardization in a way that balances the interests of all stakeholders and increases the global
competitiveness of the member organizations. INCITS serves as the U.S. Technical Advisory Group for ISO/IEC Joint Technical Committee 1, which is responsible for international standardization in the field of information technology.

INCITS and the Information Technology Industry Council (ITI) are jointly accredited by, and operate under rules approved by, the American National Standards Institute (ANSI). These rules are designed to ensure that voluntary standards are developed by the consensus of directly and materially affected interests. For further information, please contact INCITS, 1250 Eye St. NW, Suite 200, Washington, DC 20005 (

©2005 Information Technology Industry Council