Security Policy Tool website is now open and the software is expected to be available in July 2017!

Access control (AC) systems protect the secret financial, enterprise, organization, healthcare, defense, and various IT resources/services in an online system. In order to protect these classified resources, security specialists compose a set of access control policies (e.g., in XACML policies) to prevent unintended access. However, it is a challenge to achieve desired security goals when the composed policies have a complex number of rules. Misconfigured and faulty policies as well as errors in rule combining algorithms could potentially result in unexpected leaks resulting in serious economic and political consequences. In the last decade, we have been witnessing many cybersecurity incidents (e.g., large-scale data breaches, WikiLeaks), due to the misconfiguration of AC policies.

For many years the concept behind Security Policy Tool has been researched, with the goal of verifying access control policies to ensure there are no leaks when policies are deployed in a system. Since 2015, InfoBeyond has been developing the Security Policy Tool software to give access control policy authors the power to test and analyze unintended accessibility. With the identification of the faulty and unintended policies, the policy author can fix the rules in the policies to exclude the access control vulnerabilities. For such a purpose, Security Policy Tool has many functions for the policy author to use to find the correlations among the rules and the AC accessibility. In addition, Security Policy Tool offers the functions to conveniently compose the AC model with ease. It also contains an XACML editor for policy editing. 

Security Policy Tool incorporates all the functions in the NIST's ACPT (Access Control Policy Tool) with significant enhancements and advanced extension in terms of usability and functions. It is compatible with XACML 3.0 policy models in a framework of PEP (Policy Enforcement Point), PDP (Policy Decision Point), PIP (Policy Information Point), and PAP (Policy Administration Point). Furthermore, Security Policy Tool is confirmed with the NIST 7316 Specification (Assessment of Access Control Systems). Due to these security policy compliances, Security Policy Tool satisfies the policy testing and analyzing requirements for the state-of-art access control systems as well as the legacy access control systems.

Security Policy Tool is targeted for access control Policy Authors, Policy Developers/Composers, AC Software Developers, IT Access Control Security Managers, Cybersecurity Specialists, or other professionals who specialize in the performance of access control systems.  

Check out our product website to learn more! (www.securitypolicytool.com)