Glossary · Term

NIST access-control framework

← all terms

Definition

Plain language

A government standard saying that to approve any request you need to know the action, the thing acted on, and the setting.

As stated in the literature

The NIST standard specifying that authorizing a request requires knowing the action, the object, and the environment; used in UnderSpecBench as the basis for its three ambiguity dials, since an instruction missing any one is a request no human reviewer could properly approve.

Also called: NIST

Why it matters: It spells out exactly what information any request needs before it can be safely approved, so a request missing any piece is one no reviewer could responsibly sign off on.

For example, before approving 'delete the files,' this framework says you must know which files, what deleting means here, and whether it's the test or live system.

Heard on the show

“NIST's standard access-control framework says authorizing any request requires knowing the action, the object, and the environment — each dial removes one.”
Episode 195 — Why 'Be Careful' Does Nothing for AI Coding Agents, and What Does

Mentioned in 1 episode

  1. 195
    Why 'Be Careful' Does Nothing for AI Coding Agents, and What Does

Related terms