slide background slider image
unintended and faulty access control policies can lead to resource and information leaks
slide background slider image
security policy tool enables access control policy composition,
analysis, tests, leak inspection, and verification
slide background slider image
Security Policy Tool

Our Security Policy Tool delivers a solution for testing, analyzing, and editing access control policies. It instills confidence that classified assets in the Big data, Cloud, IoT, Cybersecurity, and other access control systems are protected at the level your organization intends them to be.

Policy Development

Simple to edit various policies for your complex access control system

Policy Test & Analysis

Policy test results allow you to inspect potential mistakes and fix faulty policies with ease

Policy Deployment

Deployable XACML 3.0 policies for high Access Control Security Confidence

What is Security Policy Tool?

Security Policy Tool delivers complete access control testing and analyzing functions, to validate and fix the hidden faulty, unintended, or misconfigured policies:

  • User-friendly interface presents your testing results for efficient analysis
  • Discover potential vulnerabilities in your policies to prevent security holes
  • Verify that your access control policies are generating your intended level of security
  • Evaluation of security in all access control policies (e.g., > 99% access control testing coverage)
  • GUI (Graphic User Interface) makes it simple to compose and edit deployable access control policies and automatically convert, import, and export XACML 2.0/3.0
  • Model a hierarchical military/enterprise/organization access control structure simply with our Inheritance function
  • GUI (Graphic User Interface) to compose/edit deployable access control rules/policies, and automatically convert, import and export XACML 2.0/3.0
  • ABAC, Multilevel, Workflows, Separation of Duty/Conflicts of Interests
What are the key benefits?

Security Policy Tool not only prevents access control security leaks but also eliminates costly and labor intensive policy development and maintenance:

  • Development: avoid the mistakes caused by manually composing access control policies
  • Analysis: discover and fix faulty access control policies hidden from detection
  • Verification: verify Big Data, IoT, Cloud and distributed access control policies
  • Confidence: improve security confidence by giving your organization the ability to analyze the testing results of your complex AC policies
  • Save Policy Development Time: import/edit/export XACML policies easily
  • Low Cost: low policy deployment and maintenance cost
Who uses Security Policy Tool?

Security Policy Tool can be used by Policy Authors, Policy Developers/Composers, Access Control Software Developers, IT Access Control Security Managers, Cybersecurity Specialists, or other professionals that specialize in the performance of access control systems:

  • IT, IoT, Telecom, Data Center, Telecom infrastructure, Device, Service Control Systems
  • Government, Defense, National Cybersecurity Systems
  • Transportation & Logistics Resource Access Systems
  • BFSI (Banking, Financial Services and Insurance) Systems,
  • Healthcare, Chemical/Pharma, Manufacturing and Utilities Access Control Systems
  • Organization, University, Education Control Systems
  • Retail, Oil, Gas & Energy Cybersecurity Control Systems
  • Hospitality & Residential Access Control Systems
  • Computer Network and other Access Control Systems


Security Policy Tool is a commercial version of NIST(National Institute of Standards and Technology)’s ACPT (Access Control Policy Tool) . ACPT is developed by NIST for Proof of Concept with some capability restrictions. With tremendous consultant to NIST experts, Security Policy Tool substantially enhances and expands the NIST’s ACPT design with advanced features for achieving high security confidence access control levels such that it can be commercialized. The development of Security Policy Tool is financially sponsored by NIST via a SBIR (Small Business Innovation Research) Phase I and II program. It specifically improves the NIST’s ACPT design to provide a robust, unified, professional, and functionally powerful access control policy tool.