This Article 
 Bibliographic References 
 Add to: 
A Matter of Policy
March-April 2012 (vol. 14 no. 2)
pp. 4-7
David Ferraiolo, US National Institute of Standards and Technology
Jeffrey Voas, US National Institute of Standards and Technology
George F. Hurlburt, Change Index

To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine a "policy machine" that allows codification of arbitrary rules stemming from policy to create executable code. Such a tool exists today at the US National Institute of Standards and Technology. The NIST Policy Machine offers a new technology in enforcing the important role of policy in systems design, evolution, management, and policy enforcement.

1. J. Martin et al., "Systems Engineering Guide," Naval Air Systems Command, May 2003.
2. A. Valjarevic and H.S. Venter, "Towards a Digital Forensic Readiness Framework for Public Key Infrastructure Systems," Proc. Information Security South Africa (ISSA 11), IEEE Press, 2011, pp. 1–10.
3. C. Matlack, "Société Générale's Fraud: What Now?" Bloomberg Business Week,24 Jan. 2008; www. jan2008gb20080124_769729.htm.
4. D. Ferraiolo, V. Atluri, and S. Gavrila, "The Policy Machine: A Novel Architecture and Framework for Access Control Policy Specification and Enforcement," J. Systems Architecture, vol. 57, no. 4, 2011, pp. 412–424.

Index Terms:
System policy, policy enforcement
David Ferraiolo, Jeffrey Voas, George F. Hurlburt, "A Matter of Policy," IT Professional, vol. 14, no. 2, pp. 4-7, March-April 2012, doi:10.1109/MITP.2012.30
Usage of this product signifies your acceptance of the Terms of Use.