Attribute-based access control (ABAC) is the access control model that describes a system which allows only users with the attributes type=managers and department=sales to access employee records. ABAC is a flexible and granular model that uses attributes to define access rules and policies and to make access decisions. Attributes are characteristics or properties of entities such as users, resources, actions, or environments. For example, a user attribute can be the user's role, department, clearance, or location. A resource attribute can be the type, classification, owner, or location of the resource. An action attribute can be the read, write, execute, or delete operation on the resource. An environment attribute can be the time, date, network address, or device of the access request. ABAC evaluates the attributes of the subject (user), the object (resource), the requested action, and the environment, and compares them against the predefined rules and policies to grant or deny access. For example, a rule can state that only users with the attributes type=managers and department=sales may perform action=read on resources with the attribute type=employee records. ABAC can enforce dynamic, context-aware access control policies and supports complex scenarios involving multiple subjects, objects, and actions. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Identity and Access Management, page 294. Official (ISC)² CISSP CBK Reference, Fifth Edition, Domain 5: Identity and Access Management (IAM), page 607.
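The following is an added illustration, not code from the exam guide or the CBK reference, of how an ABAC policy decision point evaluates subject, resource, action and environment attributes against rules. It encodes the rule from the explanation (type=managers and department=sales may read employee records) and adds an assumed environment rule (the request must originate from a corporate network, here 10.0.0.0/8) to show a context-aware deny. The rule names, the network range and the sample requests are all constructed for this example; the policy is deny-by-default and deny-overrides, which is the usual safe combination.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]
Condition = Callable[[Attrs, Attrs, str, Attrs], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str           # "permit" or "deny"
    condition: Condition  # true when the rule applies to the request


class Policy:
    """Deny-overrides policy: a matching deny wins, then a matching permit, else default deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, subject: Attrs, resource: Attrs, action: str, environment: Attrs) -> str:
        permitted = False
        for rule in self.rules:
            if rule.condition(subject, resource, action, environment):
                if rule.effect == "deny":
                    return "deny"          # any applicable deny overrides permits
                permitted = True
        return "permit" if permitted else "deny"   # nothing matched: default deny


# Rule from the text: only managers in sales may read employee records.
def sales_managers_read_employee_records(subject: Attrs, resource: Attrs, action: str, env: Attrs) -> bool:
    return (subject.get("type") == "managers"
            and subject.get("department") == "sales"
            and resource.get("type") == "employee records"
            and action == "read")


# Assumed environment rule (not from the text): the request must come from the corporate network.
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed range for this example


def outside_corporate_network(subject: Attrs, resource: Attrs, action: str, env: Attrs) -> bool:
    try:
        return ipaddress.ip_address(str(env.get("source_ip", ""))) not in CORPORATE_NET
    except ValueError:
        return True  # a missing or malformed address is treated as outside the network


POLICY = Policy([
    Rule("sales-managers-read-employee-records", "permit", sales_managers_read_employee_records),
    Rule("deny-outside-corporate-network", "deny", outside_corporate_network),
])


def evaluate(subject: Attrs, resource: Attrs, action: str, environment: Attrs) -> str:
    """Policy decision point: returns "permit" or "deny" for one access request."""
    return POLICY.decide(subject, resource, action, environment)


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real system.
    records = {"type": "employee records", "owner": "hr"}
    sales_mgr = {"type": "managers", "department": "sales"}
    eng_mgr = {"type": "managers", "department": "engineering"}
    inside = {"source_ip": "10.20.30.40"}
    outside = {"source_ip": "203.0.113.7"}
    for who, res, act, env in [
        (sales_mgr, records, "read", inside),    # permit
        (sales_mgr, records, "write", inside),   # deny: action attribute does not match
        (eng_mgr, records, "read", inside),      # deny: department attribute does not match
        (sales_mgr, records, "read", outside),   # deny: environment rule overrides the permit
    ]:
        print(who["department"], act, env["source_ip"], "->", evaluate(who, res, act, env))
```

The point worth noticing is that the same subject (a sales manager) is permitted or denied depending on the action and environment attributes, which a role-only model cannot express; and because no rule matches a write or a request from engineering, the engine falls through to deny rather than needing an explicit rule for every forbidden case.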