mandatory access control (MAC) - Glossary (2024)

mandatory access control (MAC)

Definitions:

An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. A subject that has been granted access to information is constrained from doing any of the following: (i) passing the information to unauthorized subjects or objects; (ii) granting its privileges to other subjects; (iii) changing one or more security attributes on subjects, objects, the information system, or system components; (iv) choosing the security attributes to be associated with newly-created or modified objects; or (v) changing the rules governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints.
Sources:
CNSSI 4009-2015

See mandatory access control (MAC).
Sources:
CNSSI 4009-2015 under non-discretionary access control

MAC means that access control policy decisions are made by a central authority, not by the individual owner of an object. Users cannot change access rights. An example of MAC occurs in military security, where an individual data owner does not decide who has a top-secret clearance, nor can the owner change the classification of an object from top-secret to secret.
Sources:
NIST SP 800-192 under Mandatory access control (MAC)

A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.
Sources:
NIST SP 800-44 Version 2 under Mandatory Access Control

An access control policy that is uniformly enforced across all subjects and objects within a system. A subject that has been granted access to information is constrained from: passing the information to unauthorized subjects or objects; granting its privileges to other subjects; changing one or more security attributes on subjects, objects, the system, or system components; choosing the security attributes to be associated with newly created or modified objects; or changing the rules for governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints. Mandatory access control is considered a type of nondiscretionary access control.
Sources:
NIST SP 800-53 Rev. 5 under mandatory access control

See NISTIR 7298 Rev. 3 for additional details.

FAQs

What is mandatory access control (MAC)?

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.

What are mandatory access controls (MAC) and non-discretionary access controls?

MAC is also called a non-discretionary access control model, which means that control isn't granted at the discretion of the user or file owner. The control mechanisms of the MAC model enable organizations to implement zero-trust principles. MAC is considered one of the most secure access control models.

What is the mandatory access control on a MAC?

NIST SP 800-44 Version 2 defines mandatory access control as a means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.

What are the levels of mandatory access control?

In the mandatory access control model, each file system object has a classification label such as secret, top secret, or confidential. Each device and client is assigned a similar classification and clearance level. The security kernel determines the classification label of clients and resources.

What is an access control list in MAC?

Access Control Lists, abbreviated ACLs, are an additional method to grant specific permissions to certain users. Apple introduced this technology in Mac OS X 10.4 “Tiger”, but it can be found in other Unix® operating systems and Microsoft® Windows as well.

What are the six main categories of access control?

The different types of access control include:
  • Attribute-based Access Control (ABAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
  • Break-glass Access Control
  • Rule-based Access Control

What is an example of a non-discretionary access control?

Firewalls are an example of rule-based access. Active Directory user profiles are a form of role-based access. Role and Rule-based controls are called Non-Discretionary controls.

What are the cons of Mandatory Access Control?

Disadvantages:

  • Regular Update Required: MAC requires regular updating when new data is added or old data is deleted. Administrators must review the MAC system and the ACLs from time to time.
  • Lack of Flexibility: A MAC system is not operationally flexible.

What is the difference between RBAC and MAC?

Role-based access control (RBAC) is an alternative approach to mandatory access control (MAC) and discretionary access control (DAC) for the purpose of restricting system access to authorized users. RBAC is policy neutral.

How does ABAC work?

ABAC is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of entities (subject and object), operations, and the environment relevant to a request.

What are the 5 D's of access control?

But what are the 5Ds of access control? They deter, detect, deny, delay, and defend. Each is equally important. The security of your building, its assets, and most importantly, its people, are your top priority.

What are the four main access control models?

There are four types of access control methods: Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC).

What are the features of mandatory controls?

Mandatory access control is a centrally managed access system. MAC assigns each network user a security level. It also assigns security attributes, such as clearance levels and group identities, to objects on the network.

What is a use for mandatory access control (MAC)?

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.

What is the MAC model of access control?

A MAC model determines access to resources using a hierarchical structure. It compares the security label of the user requesting access against the security label of the resource. Access is denied if the user's security label is lower than the resource's security label.
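
The label comparison described above, combined with the constraint from the definitions that an object's owner cannot change its classification, as an added example (not code from the glossary or from any NIST publication). The `ReferenceMonitor` class, the numeric ordering of the levels, and the rule that a new object inherits its creator's clearance are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Assumed ordering of the labels the page names.
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level
    trusted: bool = False  # organization-defined trusted subject


@dataclass
class Resource:
    name: str
    owner: str
    label: Level


class ReferenceMonitor:
    """Hypothetical central authority; every decision goes through it."""

    def __init__(self):
        self.audit = []  # (subject, action, resource, allowed)

    def _decide(self, subject, action, resource, allowed):
        self.audit.append((subject.name, action, resource.name, allowed))
        return allowed

    def can_read(self, subject, resource):
        # Denied when the subject's label is lower than the resource's.
        return self._decide(subject, "read", resource,
                            subject.clearance >= resource.label)

    def create(self, subject, name):
        # The system, not the creator, picks the label (assumed rule).
        return Resource(name, subject.name, subject.clearance)

    def relabel(self, subject, resource, new_label):
        # Ownership grants nothing; only a trusted subject may relabel.
        if not self._decide(subject, "relabel", resource, subject.trusted):
            raise PermissionError(f"{subject.name} may not relabel {resource.name}")
        resource.label = new_label
```

The `audit` list records denied attempts as well as granted ones, which is the record a reviewer would check for owners trying to downgrade their own objects.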

What is the difference between discretionary and mandatory access control?

The main difference between discretionary access control and mandatory access control is who controls access to resources. In discretionary access control, access is controlled by the resource users, while in mandatory access control, access is controlled by the system.

What is the difference between MAC and DAC access control?

Discretionary Access Control (DAC) is a strategy that grants users control over their own data. Unlike MAC, where access decisions are made by the system administrators or developers, DAC allows the data owners to decide who can access their data and what actions they can perform.

Which controls are also known as non-discretionary measures of control?

RBAC, also known as a non-discretionary access control, is used when system administrators need to assign rights based on organizational roles instead of individual user accounts within an organization.

What are the two main types of access control lists?

Standard vs extended ACLs: There are two main categories of ACLs: standard ACL and extended ACL. The standard ACL does not differentiate between IP traffic; instead, it allows or blocks traffic based on the source IP address.

Article information

Author: Dr. Pierre Goyette
