Manager, Secure Systems and Application Group
National institute of Standards and Technology
David F. Ferraiolo is the manager of the Secure Systems and Applications group at the National Institute of Standards and Technology (NIST). He has conducted research in various areas of access control and authorization management, including formal model development, reference and prototype implementation, product demonstration development and evaluation. He is a coauthor of a first and second edition book on Role-based Access Control (RBAC) and a book on Attribute Based Access Control (ABAC), is the author or coauthor of more than 60 papers and journal articles with over 14,500 citations, and holds three patents, on topics related to access control. Mr. Ferraiolo is widely credited for advancing RBAC from a formalized concept to the world’s most widely used access control model, with features that show up at virtually all levels of computing. In view of RBAC’s known deficiencies, Mr. Ferraiolo has led the development of an Attribute-Based Access Control (ABAC) authorization system, referred to as the Policy Machine (PM) to serve as research platform in support of an ANSI/INCITS standard under the title of Next Generation Access Control (NGAC). Mr. Ferraiolo has received the 2019 ACSAC “Test of Time Paper” award, 2018 IEEE Bronze medal for Innovation in Societal Infrastructure, a U.S. Department of Commerce gold medal, and an Excellence in Technology Transfer award from the Federal Laboratory Consortium. Mr. Ferraiolo has also served as a motivator and contributor to numerous security-oriented standardization efforts to include the Common Criteria (ISO 15408), RBAC (ANSI/INCITS 359), and NGAC (ANSI/INCITS 565).