These policies can be equated to the rules in a firewall and are constructed in a similar fashion.
The service management team acquired a new mind-set and array of tools.
To provide federal agencies with examples of how the Cybersecurity Framework can augment the current versions of NIST security and privacy risk management publications, this guidance uses common federal information security vocabulary and processes.
NIST will engage with agencies to add content based on agency implementation, refine current guidance and identify additional guidance to provide the information that is most helpful to agencies.
This chapter examines the relationship between authentication and authorization and how to build policies for each, describing a few common Authentication Policies and Authorization Policies to help you see how to work with these policy constructs.
The previous chapter focused on the levels of authorization you should provide for users and devices based on your logical Security Policy.