diff --git a/build/dependencies.txt b/build/dependencies.txt
index a5661c04da39..579ff3ce444a 100644
--- a/build/dependencies.txt
+++ b/build/dependencies.txt
@@ -111,7 +111,7 @@ net.sf.geographiclib:GeographicLib-Java:1.49:compile
 net.sf.saxon:Saxon-HE:12.4:compile
 org.antlr:antlr4-runtime:4.7.2:compile
 org.antlr:antlr4-runtime:4.9.3:compile
-org.apache.accumulo:accumulo-access:1.0.0-beta:compile
+org.apache.accumulo:accumulo-access-core:1.0.0-beta3:compile
 org.apache.accumulo:accumulo-core:2.1.4:compile
 org.apache.accumulo:accumulo-hadoop-mapreduce:2.1.4:compile
 org.apache.arrow:arrow-format:19.0.0:compile
diff --git a/docs/user/upgrade/6.0.0.rst b/docs/user/upgrade/6.0.0.rst
index 8a29e724915e..4582fb7fce9b 100644
--- a/docs/user/upgrade/6.0.0.rst
+++ b/docs/user/upgrade/6.0.0.rst
@@ -37,6 +37,7 @@ Dependency Version Upgrades
 
 The following dependencies have been upgraded:
 
+* accumulo-access ``1.0.0-beta`` -> ``1.0.0-beta3``
 * arrow ``18.3.0`` -> ``19.0.0``
 * commons-codec ``1.17.1`` -> ``1.18.0``
 * commons-lang ``3.15.0`` -> ``3.20.0``
diff --git a/geomesa-fs/geomesa-fs-storage/geomesa-fs-storage-core/src/main/scala/org/locationtech/geomesa/fs/storage/core/observer/s3/S3VisibilityObserver.scala b/geomesa-fs/geomesa-fs-storage/geomesa-fs-storage-core/src/main/scala/org/locationtech/geomesa/fs/storage/core/observer/s3/S3VisibilityObserver.scala
index b6f0bec01a64..167cfd365146 100644
--- a/geomesa-fs/geomesa-fs-storage/geomesa-fs-storage-core/src/main/scala/org/locationtech/geomesa/fs/storage/core/observer/s3/S3VisibilityObserver.scala
+++ b/geomesa-fs/geomesa-fs-storage/geomesa-fs-storage-core/src/main/scala/org/locationtech/geomesa/fs/storage/core/observer/s3/S3VisibilityObserver.scala
@@ -10,7 +10,6 @@ package org.locationtech.geomesa.fs.storage.core
 package observer
 package s3
 
-import org.apache.accumulo.access.AccessExpression
 import org.geotools.api.feature.simple.SimpleFeature
 import org.locationtech.geomesa.fs.storage.core.fs.S3ObjectStore
 import org.locationtech.geomesa.security.SecurityUtils
@@ -52,10 +51,9 @@ class S3VisibilityObserver(path: URI, s3: S3AsyncClient, tag: String) extends Fi
 
   private def makeTagRequest(bucket: String, key: String): Unit = {
     if (visibilities.nonEmpty) {
-      val vis = visibilities.mkString("(", ")&(", ")")
-      // this call simplifies and de-duplicates the expression
-      val expression = AccessExpression.of(vis, /*normalize = */true).getExpression
-      val visibility = Base64.getEncoder.encodeToString(expression.getBytes(StandardCharsets.UTF_8))
+      val vis = visibilities.toList.sorted.mkString("(", ")&(", ")")
+      // TODO simplify and de-duplicates the expression
+      val visibility = Base64.getEncoder.encodeToString(vis.getBytes(StandardCharsets.UTF_8))
       val tagging = Tagging.builder().tagSet(Tag.builder.key(tag).value(visibility).build()).build()
       val request = PutObjectTaggingRequest.builder.bucket(bucket).key(key).tagging(tagging).build()
       s3.putObjectTagging(request).join()
diff --git a/geomesa-security/pom.xml b/geomesa-security/pom.xml
index 65049380f8db..388e17226d26 100644
--- a/geomesa-security/pom.xml
+++ b/geomesa-security/pom.xml
@@ -17,7 +17,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.accumulo</groupId>
-            <artifactId>accumulo-access</artifactId>
+            <artifactId>accumulo-access-core</artifactId>
         </dependency>
 
         <!-- provided dependencies -->
diff --git a/geomesa-security/src/main/scala/org/locationtech/geomesa/security/VisibilityUtils.scala b/geomesa-security/src/main/scala/org/locationtech/geomesa/security/VisibilityUtils.scala
index 436fac3738d6..f2488ade3a7e 100644
--- a/geomesa-security/src/main/scala/org/locationtech/geomesa/security/VisibilityUtils.scala
+++ b/geomesa-security/src/main/scala/org/locationtech/geomesa/security/VisibilityUtils.scala
@@ -8,7 +8,7 @@
 
 package org.locationtech.geomesa.security
 
-import org.apache.accumulo.access.{AccessEvaluator, Authorizations}
+import org.apache.accumulo.access.Access
 import org.geotools.api.feature.simple.SimpleFeature
 
 import scala.util.control.NonFatal
@@ -24,16 +24,17 @@ object VisibilityUtils {
    * @param provider auth provider
    * @return
    */
-  def visible(provider: AuthorizationsProvider): IsVisible = new AuthVisibilityCheck(provider.getAuthorizations)
+  def visible(provider: AuthorizationsProvider): IsVisible =
+    new AuthVisibilityCheck(new java.util.HashSet[String](provider.getAuthorizations))
 
   /**
    * Parses any visibilities in the feature and compares with the user's authorizations
    *
    * @param auths authorizations for the current user
    */
-  private class AuthVisibilityCheck(auths: java.util.List[String]) extends (SimpleFeature => Boolean) {
+  private class AuthVisibilityCheck(auths: java.util.Set[String]) extends (SimpleFeature => Boolean) {
 
-    private val access = AccessEvaluator.of(Authorizations.of(auths))
+    private val access = Access.builder().build().newEvaluator(auths)
     private val cache = scala.collection.mutable.Map.empty[String, Boolean]
 
     /**
diff --git a/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/IsVisibleFilterFunction.scala b/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/IsVisibleFilterFunction.scala
index b451f8e445a0..679dff25de5d 100644
--- a/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/IsVisibleFilterFunction.scala
+++ b/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/IsVisibleFilterFunction.scala
@@ -9,7 +9,7 @@
 package org.locationtech.geomesa.security.filter
 
 import com.github.benmanes.caffeine.cache.{CacheLoader, Caffeine}
-import org.apache.accumulo.access.AccessEvaluator
+import org.apache.accumulo.access.{Access, AccessEvaluator}
 import org.geotools.api.filter.Filter
 import org.geotools.api.filter.capability.FunctionName
 import org.geotools.api.filter.expression.Expression
@@ -70,7 +70,8 @@ object IsVisibleFilterFunction {
 
   private val evaluatorCache = Caffeine.newBuilder().expireAfterAccess(Duration.ofMinutes(5)).build(
     new CacheLoader[String, AccessEvaluator]() {
-      override def load(auths: String): AccessEvaluator = AccessEvaluator.of(auths.split(','): _*)
+      override def load(auths: String): AccessEvaluator =
+        Access.builder().build().newEvaluator(new java.util.HashSet[String](java.util.Arrays.asList(auths.split(','): _*)))
     }
   )
 
diff --git a/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/VisibilityFilterFunction.scala b/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/VisibilityFilterFunction.scala
index f6f83d3254b1..2a6a46ad7d33 100644
--- a/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/VisibilityFilterFunction.scala
+++ b/geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/VisibilityFilterFunction.scala
@@ -8,7 +8,7 @@
 
 package org.locationtech.geomesa.security.filter
 
-import org.apache.accumulo.access.{AccessEvaluator, Authorizations}
+import org.apache.accumulo.access.Access
 import org.geotools.api.feature.simple.SimpleFeature
 import org.geotools.api.filter.capability.FunctionName
 import org.geotools.api.filter.expression.Expression
@@ -24,8 +24,8 @@ class VisibilityFilterFunction extends FunctionExpressionImpl(VisibilityFilterFu
 
   private val cache = scala.collection.mutable.Map.empty[String, java.lang.Boolean]
 
-  private val auths = Authorizations.of(VisibilityFilterFunction.provider.getAuthorizations)
-  private val access = AccessEvaluator.of(auths)
+  private val access =
+    Access.builder().build().newEvaluator(new java.util.HashSet[String](VisibilityFilterFunction.provider.getAuthorizations))
 
   private var expression: Expression = _
 
diff --git a/geomesa-tools/src/main/scala/org/locationtech/geomesa/tools/ingest/UpdateFeaturesCommand.scala b/geomesa-tools/src/main/scala/org/locationtech/geomesa/tools/ingest/UpdateFeaturesCommand.scala
index 88f40f3431f1..ab39ad7bbcf0 100644
--- a/geomesa-tools/src/main/scala/org/locationtech/geomesa/tools/ingest/UpdateFeaturesCommand.scala
+++ b/geomesa-tools/src/main/scala/org/locationtech/geomesa/tools/ingest/UpdateFeaturesCommand.scala
@@ -9,7 +9,7 @@
 package org.locationtech.geomesa.tools.ingest
 
 import com.beust.jcommander.{IParameterValidator, IStringConverter, Parameter, ParameterException}
-import org.apache.accumulo.access.{AccessExpression, IllegalAccessExpressionException}
+import org.apache.accumulo.access.Access
 import org.geotools.api.data.{DataStore, Transaction}
 import org.geotools.api.filter.Filter
 import org.geotools.filter.text.ecql.ECQL
@@ -101,7 +101,7 @@ object UpdateFeaturesCommand {
     var visibility: String = _
   }
 
-  class TupleConverter extends IStringConverter[(String, String)] {
+  private class TupleConverter extends IStringConverter[(String, String)] {
     override def convert(value: String): (String, String) = {
       value.split("=", 2) match {
         case Array(one, two) => (one, two)
@@ -109,7 +109,7 @@ object UpdateFeaturesCommand {
     }
   }
 
-  class TupleValidator extends IParameterValidator {
+  private class TupleValidator extends IParameterValidator {
     @throws[ParameterException]
     override def validate(name: String, value: String): Unit = {
       if (value == null || value.isEmpty || value.indexOf('=') == -1) {
@@ -118,11 +118,11 @@ object UpdateFeaturesCommand {
     }
   }
 
-  class VisibilityValidator extends IParameterValidator {
+  private class VisibilityValidator extends IParameterValidator {
     @throws[ParameterException]
     override def validate(name: String, value: String): Unit = {
-      try { AccessExpression.validate(value) } catch {
-        case e: IllegalAccessExpressionException =>
+      try { Access.builder().build().validateExpression(value) } catch {
+        case e: IllegalArgumentException =>
           throw new ParameterException(s"Parameter $name $value is not a valid visibility: ${e.getMessage}", e)
       }
     }
diff --git a/pom.xml b/pom.xml
index dcec3d412eed..c6c7a7548d0c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,7 +65,7 @@
         <ejml.version>0.41</ejml.version> <!-- needs to track with gt/gs version -->
 
         <!-- direct dependencies -->
-        <accumulo.access.version>1.0.0-beta</accumulo.access.version>
+        <accumulo.access.version>1.0.0-beta3</accumulo.access.version>
         <arrow.version>19.0.0</arrow.version>
         <avro.version>1.11.4</avro.version>
         <aws.analyticsaccelerator.version>1.3.1</aws.analyticsaccelerator.version>
@@ -1139,7 +1139,7 @@
 
             <dependency>
                 <groupId>org.apache.accumulo</groupId>
-                <artifactId>accumulo-access</artifactId>
+                <artifactId>accumulo-access-core</artifactId>
                 <version>${accumulo.access.version}</version>
             </dependency>
             <dependency>