You are here

XpressRules-PM: Commercial Implementation of PM/NGAC

Award Information
Agency: Department of Commerce
Branch: National Institute of Standards and Technology
Contract: 70NANB17H226
Agency Tracking Number: 097-04-09 (FY17)
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: N/A
Solicitation Number: 2017-NIST-SBIR-01
Timeline
Solicitation Year: 2017
Award Year: 2017
Award Start Date (Proposal Award Date): 2017-07-31
Award End Date (Contract End Date): 2018-01-30
Small Business Information
9515 North Wieber Dr, Spokane, WA, 99208
DUNS: 079700695
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Ronald Turner
 (509) 467-0668
 Ron.Turner@XpressRules.com
Business Contact
 Ronald Turner
Phone: (509) 467-0668
Email: Ron.Turner@XpressRules.com
Research Institution
N/A
Abstract
This proposal represents a collaborative response by XpressRules and NIST to a two-fold demand from the information security marketplace. The business requirement (for true policy governance) is that asset owners and steward themselves-and not IT—become directly accountable for the life cycles of their rules and policies. The technical requirement (for an adequate data model) is that the policies themselves embody sufficient semantic content so as to enable effective “pre-emptive analytics”—the ability for policy analysts to discover logical leaks and gaps before a policy is deployed. For attributebased access control (ABAC) NIST center-staged the human manager by defining and demonstrating natural language policy (NLP) in its Guide to ABAC (SP 800-162). In addition the NIST standardization and current implementation of Policy Machine/New Generation Access Control (PM/NGAC) provides the semantics-rich graph-based data model required for robust policy analytics. The goal of this proposal is to exploit and commercialize both of these NIST initiatives with XpressRules-PM, a product with (1) an adaptive NL human-computer interface (HCI) that empowers business users—in their own words—to manage policies and the policy authoring environment and (2) a dynamic graph-based policy representation that allows for effective policy analytics.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government