This paper presents a PCIM-based framework for storing and enforcing RBAC (Role Based Access Control) policies in distributed heterogeneous systems. PCIM (Policy Core Information Model) is a generic information model proposed by IETF. This paper proposes a PCIM extension, called RBPIM (Role-Based Policy Information Model), in order to represent network access policies based on the RBAC model. A RBPIM implementation framework based on the PDP/PEP (Policy Decision Point/Policy Enforcement Point) approach is also presented. In the proposed framework, the communication between the PDP and the PEPs is implemented using the COPS (Common Open Policy Service) protocol, also defined by the IETF. The framework adopts the outsourcing approach, where the policy rules are evaluated by the PDP, as defined by the COPS standard. This paper evaluates the outsourcing model for access control by presenting a case study and the average response time of PDP under different load conditions.