Gives the definition of guidelines for specifying the abstract syntax of generic and specific Security Information Objects (SIOs), and the specifications of generic and specific SIOs for Access Control. Covers only the "statics" of SIOs through syntactic definitions in terms of ASN.1 descriptions and additional semantic explanations. Does not cover the "dynamics" of SIOs (e.g. rules relating to their creation and deletion), which are a local implementation issue.
SANS 15816:2006 history
2006SANS 15816:2006 Information technology - Security techniques - Security information objects for access control