How Does Security Policy Tool Enhance My Access Control Security?

Wednesday, April 18, 2018

Security Policy Tool assists IT specialists to gain better control of their access control performance through systematic policy modeling, testing, and verification. It's a first-of-its-kind solution that works standalone from your existing access control system; it is not a full Access Control System, ABAC Implementation, Enforcement System (PEP, PDP), etc. Security Policy Tool is focused on access control policies, a specific but also very important portion of the entire access control system architecture. To receive all the great benefits of Security Policy Tool you, your organization, or client should first meet one of the requirements below…

A.)    You or your organization/client already has an access control system implemented

B.)    You or your organization/client is in the process of implementing an access control system

If you meet one of these criteria above, then stick around! To understand how Security Policy Tool helps prevent access control leaks reference the GIF below as you continue reading on…




Before an access control system ever goes live a security specialist first designs access control policy documents (e.g. XACML) to describe exactly how their system should handle access requests as they occur. During the process of implementing their full-system, the specialist will insert these designed policies into a portion of the access control framework called the Policy Administration Point (PAP). This PAP area is responsible for providing the rules for the system to follow. For example, when a subject (individual, group, etc.) makes a request to take an action (view, edit, etc.) on an online resource (file a, file b, etc.), the system will reference the PAP (policies). The system will then make a decision to Permit or Deny that request based on exactly what has been written and specified in those policies within the PAP.

Organizations who utilize Attribute-based Access Control (ABAC) can define their access rules and policies extremely finely. This is a tremendous advancement from the more general Role-based Access Control (RBAC) due to improvements in flexibility and customization in allowing policy authors to assign very specific privileges to very specific users or groups. Where this increased flexibility and detail provides significant advantages over RBAC, it does have one slight drawback. Due to these system rules and policies being designed in larger detail it also becomes more challenging to comprehensively model and test the performance of their system before going live. As their system handles a combination of requests simultaneously, how will organizations know that their system/policies will result in the right decision every time?

That’s where Security Policy Tool comes in! A direct implementation of the National Institute of Standards & Technology (NIST)’s ACPT Prototype; Security Policy Tool gives access control specialists a tool to model and verify that their policies will operate as intended before going live. With Security Policy Tool, specialists can create fresh policies in the included powerful XACML Editor or simply model their existing access control policies and begin testing them in an organized and systematic environment. This enables them to gain confidence that they have not missed small or hidden errors/flaws that could result in access control leakage. NIST’s state-of-the-art combinatorial test algorithms are the focal point of Security Policy Tool which enables specialists with a few short clicks to systematically test their policies and achieve a coverage of (> 99%). The results are then displayed and can be further analyzed to ensure specific request scenarios are in-fact operating as intended (ref. GIF above; Permit Request decision was made however intended result was Deny Request). If an error or flaw is identified the specialists can very easily make changes to their policies and test again until the desired result is achieved. After verifying their policies are fully secure they can export their policies into XACML and deploy them back into their current access control system. Organizations who do not model, test, and verify their policies take on a greater risk of exploitation of hidden security holes through outsider and insider attacks. For organizations operating in industries that manage sensitive, financial, and customer data; Security Policy Tool is especially important to add to their existing access control maintenance processes.

Security Policy Tool – Unlimited Version is now available at a low price of just $120/mo and is also available in more limited subscription packages to fit any organization’s size and needs. Still not sure about Security Policy Tool? Try the FREE Lite Version where you can get an idea of how easy Security Policy Tool can be used to save your organization time and cost while preventing access control leaks.

Sign up today at and begin modeling, testing, and verifying your access control policies, today!