slide background slider image
unintended and faulty access control policies can lead to resource and information leaks
slide background slider image
security policy tool enables access control policy composition,
analysis, tests, leak inspection, and verification
slide background slider image
Security Policy Tool

Security Policy Tool delivers a solution for testing, analyzing, and editing access control policies. It instills confidence that classified assets in the Big data, Cloud, IoT, Cybersecurity, and other access control systems are protected at the level your organization intends them to be.

Policy Development

Policy Development

Easily edit various access control policies for your complex access control system

Policy Test & Analysis

Policy Test

Policy test results allow you to inspect potential mistakes and fix faulty policies with ease

Policy Deployment

Policy Deployment

Deploy your verified XACML 3.0/2.0 policies to achieve high access control security confidence

Security Policy Tool prevents Access Control Leaks and other flaws to enhance online system security.

What is Security Policy Tool?

An access control solution empowering organizations to enhance the way they design, test, and verify their access control policies

  • Build your ABAC/MLS/Workflow access control models
  • Test, analyze, and verify your access control policies
  • Identify and correct unknown errors, hidden deep within your complex policies
  • Automatically convert your access control models into XACML policies
  • Edit and export XACML Policies to deploy into any access control system
  • Also included is a powerful GUI & text-based XACML editor
What are the key benefits?

Security Policy Tool helps your organization keep your access control policies free from vulnerabilities while also saving you time and cost in the process

  • User-Friendly: Enabling efficient policy composition and analysis
  • Leak Prevention: Comprehensive testing and verification enables you to identify hidden errors that could otherwise lead to access control leaks (e.g., data breach)
  • Automation: Generate (> 99%) policy testing coverage, unachievable with manual testing approaches
  • Save Cost: Intuitive design reduces the time and cost required for policy development and modification
Who uses Security Policy Tool?

IT Professionals who specialize in access control policy design, development, and maintenance. We deliver value to many industries including:

  • Banking, Financial Services and Insurance (BSI)
  • Healthcare, Pharmaceutical, and Chemical
  • Government, Military, and Defense
  • IoT, Telecommunications, and Network Services
  • Manufacturing, Transportation, and Logistics
  • Utilities, Oil & Gas, and Energy
  • IT, Data Center, and Others


Security Policy Tool is a commercial version of NIST(National Institute of Standards and Technology)’s ACPT (Access Control Policy Tool) . ACPT is developed by NIST for Proof of Concept with some capability restrictions. With tremendous consultant to NIST experts, Security Policy Tool substantially enhances and expands the NIST’s ACPT design with advanced features for achieving high security confidence access control levels such that it can be commercialized. The development of Security Policy Tool is financially sponsored by NIST via a SBIR (Small Business Innovation Research) Phase I and II program. It specifically improves the NIST’s ACPT design to provide a robust, unified, professional, and functionally powerful access control policy tool.