Security Policy Tool

Delivering access control leak prevention through systematic modeling, testing, and verification. Ensure your access control policies are free from vulnerabilities and logic flaws with Security Policy Tool. Gain confidence that sensitive assets in the Big data, Cloud, IoT, Cybersecurity, and other access control systems are being protected as you have intended.

Unintended Access Control Policies Aided the Snowden NSA Leak
Access Control Policy Flaws Open the Door for Data Breach (ex, Clinton Emails, DNC Leak..)
Access Control Vulnerabilities Pave the Way for Data Theft (ex, Equifax, JP Morgan, Target,..)

Close the door to access control leaks with Security Policy Tool!

Security Policy Tool helps you prevent these situations by empowering you to verify that your access control policies are free of vulnerabilities and flaws before deployment into your organization’s enforcement system (PDP, PEP, etc.).

Security Policy Tool prevents Access Control Leaks and other flaws to enhance online system security.

Close the door towards Access Control Leaks

Do you want an easy and quick way to develop your access control policy?

Boost your Access Control system to meet National Institute of Standards & Technology (NIST) federal access control requirements: NIST SP 800-192, 800-162, NISTIR 7316, NISTIR 7874, SP 800-37, and SP 800-53/53A.

See a sample report Try the Lite Version

An award-wining tool



are using security policy tool since January 2018

Policy Development

Policy Development

Easily edit various access control policies for your complex access control system

Policy Test & Analysis

Policy Test

Policy test results allow you to inspect potential mistakes and fix faulty policies with ease

Policy Deployment

Policy Deployment

Deploy your verified XACML 3.0/2.0 policies to achieve high access control security confidence

Security Policy Tool makes it easy to write and verify your Access Control Policies. A powerful XACML Editor is included free.

What is Security Policy Tool?

An access control solution empowering organizations to enhance the way they design, test, and verify their access control policies

  • Build your ABAC/MLS/Workflow access control models
  • Test, analyze, and verify your access control policies
  • Identify and correct unknown errors, hidden deep within your complex policies
  • Automatically convert your access control models into XACML policies
  • Edit and export XACML Policies to deploy into any access control system
  • Also included is a powerful GUI & text-based XACML editor
What are the key benefits?

Security Policy Tool helps your organization keep your access control policies free from vulnerabilities while also saving you time and cost in the process

  • User-Friendly: Enabling efficient policy composition and analysis
  • Leak Prevention: Comprehensive testing and verification enables you to identify hidden errors that could otherwise lead to access control leaks (e.g., data breach)
  • Automation: Generate (> 99%) policy testing coverage, unachievable with manual testing approaches
  • Save Cost: Intuitive design reduces the time and cost required for policy development and modification
Who uses Security Policy Tool?

IT Professionals who specialize in access control policy design, development, and maintenance. We deliver value to many industries including:

  • Banking, Financial Services and Insurance (BFSI)
  • Healthcare, Pharmaceutical, and Chemical
  • Government, Military, and Defense
  • IoT, Telecommunications, and Network Services
  • Manufacturing, Transportation, and Logistics
  • Utilities, Oil & Gas, and Energy
  • IT, Data Center, and Others


Security Policy Tool is a commercial version of NIST(National Institute of Standards and Technology)’s ACPT (Access Control Policy Tool) . ACPT is developed by NIST for Proof of Concept with some capability restrictions. With tremendous consultant to NIST experts, Security Policy Tool substantially enhances and expands the NIST’s ACPT design with advanced features for achieving high security confidence access control levels such that it can be commercialized. The development of Security Policy Tool is financially sponsored by NIST via a SBIR (Small Business Innovation Research) Phase I and II program. It specifically improves the NIST’s ACPT design to provide a robust, unified, professional, and functionally powerful access control policy tool.