One standard that implements attribute- and policy-based access control is [[XACML]], the eXtensible Access Control Markup Language. XACML defines an architecture, a policy language, and a request / response scheme. It does not handle attribute management (user attribute assignment, object attribute assignment, environment attribute assignment) which is left to traditional [[Identity_management|IAM]] tools, databases, and directories.
Companies, including every branch in the United States military, have started using ABAC. At itsa basic level, ABAC usesprotects andata with ‘IF/THEN/AND’ model to protect the data itselfrules rather than assigningassign data to a user who can take that information anywhere they please or give a hacker the ability to swipe{{Definition needed|date=June 2019}} the fileusers. The US Department of Commerce has made this a mandatory practice and the adoption is spreading throughout several governmental and military agencies.[https://community.plm.automation.siemens.com/t5/Digital-Transformations/Attribute-Based-Access-Control-ABAC-Encryption-on-Steroids/ba-p/580836]<ref>{{Cite web|url=https://community.plm.automation.siemens.com/t5/Digital-Transformations/Attribute-Based-Access-Control-ABAC-Encryption-on-Steroids/ba-p/580836|title=Attribute Based Access Control (ABAC) – Encryption on Steroids|last=Coffey|first=Alisa|date=2019-03-28|website=Siemens PLM Community|language=en|access-date=2019-04-01}}</ref>
