mandatory access control (MAC) - Glossary (2024)

mandatory access control (MAC)

Definitions:

An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. A subject that has been granted access to information is constrained from doing any of the following: (i) passing the information to unauthorized subjects or objects; (ii) granting its privileges to other subjects; (iii) changing one or more security attributes on subjects, objects, the information system, or system components; (iv) choosing the security attributes to be associated with newly-created or modified objects; or (v) changing the rules governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints.
Sources:
CNSSI 4009-2015

See mandatory access control (MAC).
Sources:
CNSSI 4009-2015 under non-discretionary access control

Mandatory access control (MAC) means that access control policy decisions are made by a central authority, not by the individual owner of an object. Users cannot change access rights. An example of MAC occurs in military security, where an individual data owner does not decide who has a top-secret clearance, nor can the owner change the classification of an object from top-secret to secret.
Sources:
NIST SP 800-192 under Mandatory access control (MAC)

A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.
Sources:
NIST SP 800-44 Version 2 under Mandatory Access Control

An access control policy that is uniformly enforced across all subjects and objects within a system. A subject that has been granted access to information is constrained from: passing the information to unauthorized subjects or objects; granting its privileges to other subjects; changing one or more security attributes on subjects, objects, the system, or system components; choosing the security attributes to be associated with newly created or modified objects; or changing the rules for governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints. Mandatory access control is considered a type of nondiscretionary access control.
Sources:
NIST SP 800-53 Rev. 5 under mandatory access control

See NISTIR 7298 Rev. 3 for additional details.

FAQs

Mandatory access control (MAC) - Glossary?

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.

What are mandatory access controls (MAC) and non-discretionary access controls?

MAC is also called a non-discretionary access control model, which means that control isn't granted at the discretion of the user or file owner. The control mechanisms of the MAC model enable organizations to implement zero-trust principles. MAC is considered one of the most secure access control models.

What is the mandatory access control on a MAC?

NIST SP 800-192 under Mandatory access control (MAC): A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.

What are the levels of mandatory access control?

In the mandatory access control model, each file system object has a classification label such as secret, top secret or confidential. Each device and client is assigned a similar classification and clearance level. The security kernel determines the classification label of clients and resources.

What is access control list in MAC?

Access Control Lists, abbreviated ACLs, are an additional method to grant specific permissions to certain users. Apple introduced this technology in Mac OS X 10.4 “Tiger”, but it can be found in other Unix® operating systems and Microsoft® Windows as well.

What are the six main categories of access control?

The different types of access control include:
  • Attribute-based Access Control (ABAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
  • Break-glass Access Control
  • Rule-based Access Control

What is an example of a non-discretionary access control?

Firewalls are an example of rule-based access. Active Directory user profiles are a form of role-based access. Role-based and rule-based controls are called non-discretionary controls.

What are the cons of Mandatory Access Control?

Disadvantages:

  • Regular updates required: MAC requires regular updating when new data is added or old data is deleted. Administrators have to review the MAC system and the ACL list from time to time.
  • Lack of flexibility: A MAC system is not operationally flexible.

What is the difference between RBAC and MAC?

Role-based access control (RBAC) is an alternative approach to mandatory access control (MAC) and discretionary access control (DAC) for the purpose of restricting system access to authorized users. RBAC is policy neutral.

How does ABAC work?

ABAC is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of entities (subject and object), operations, and the environment relevant to a request.

What are the 5 D's of access control?

But what are the 5Ds of access control? They deter, detect, deny, delay, and defend. Each is equally important. The security of your building, its assets, and most importantly, its people, are your top priority.

What are the four main access control models?

There are four types of access control methods: Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC).

What are the features of mandatory controls?

Mandatory access control is a centrally-managed access system. MAC assigns each network user a security level. It also assigns objects on the network with security attributes such as clearance levels and group identities.

What is a use for mandatory access control (MAC)?

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.

What is the MAC model of access control?

A MAC model determines access to resources using a hierarchical structure. It compares the security label of the user requesting access against the security label of the resource. Access is denied if the user's security label is lower than the resource's security label.
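The label comparison described here, together with the constraints from the definitions above (owners cannot relabel objects, creators do not choose labels, information cannot be passed to unauthorized subjects, trusted subjects are exempt), can be shown in a short sketch. This is an added example, not code from any cited publication; the numeric ordering of the labels, the class and function names, and the rule that a new object receives its creator's clearance are assumptions.

```python
from dataclasses import dataclass

# Labels named on this page; the numeric ordering is an assumption of this sketch.
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}

class PolicyViolation(PermissionError):
    """Raised when a request breaks a mandatory rule."""

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    trusted: bool = False  # organization-defined trusted subject

@dataclass
class Resource:
    name: str
    label: str
    owner: str

def can_read(subject: Subject, resource: Resource) -> bool:
    # Denied when the subject's label is lower than the resource's label.
    return LEVELS[subject.clearance] >= LEVELS[resource.label]

def create(subject: Subject, name: str) -> Resource:
    # The creator does not choose the label; this sketch stamps the
    # creator's clearance on the new object (an assumed policy choice).
    return Resource(name, subject.clearance, subject.name)

def relabel(subject: Subject, resource: Resource, new_label: str) -> None:
    # Ownership is irrelevant: only a trusted subject may change a label.
    if new_label not in LEVELS:
        raise ValueError(f"unknown label: {new_label!r}")
    if not subject.trusted:
        raise PolicyViolation(f"{subject.name} may not relabel {resource.name}")
    resource.label = new_label

def copy(subject: Subject, src: Resource, dst: Resource) -> None:
    # Information must not flow to where lower-cleared subjects can read it.
    if not can_read(subject, src):
        raise PolicyViolation(f"{subject.name} may not read {src.name}")
    if LEVELS[dst.label] < LEVELS[src.label] and not subject.trusted:
        raise PolicyViolation(f"{src.name} -> {dst.name} would downgrade data")
```

Under a discretionary model the owner of `plan` could simply grant access or lower its label; here both requests fail unless the caller is a trusted subject.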

What is the difference between discretionary and mandatory access control?

The main difference between discretionary access control and mandatory access control is who controls access to resources. In discretionary access control, access is controlled by the resource users, while in mandatory access control, access is controlled by the system.

What is the difference between MAC and DAC access control?

Discretionary Access Control (DAC) is a strategy that grants users control over their own data. Unlike MAC, where access decisions are made by the system administrators or developers, DAC allows the data owners to decide who can access their data and what actions they can perform.

Which controls are also known as non-discretionary measures of control?

RBAC, also known as a non-discretionary access control, is used when system administrators need to assign rights based on organizational roles instead of individual user accounts within an organization.

What are the two main types of access control lists?

Standard vs extended ACLs: There are two main categories of ACLs: standard ACL and extended ACL. The standard ACL does not differentiate between IP traffic; instead, it allows or blocks traffic based on the source IP address.

Article information

Author: Dr. Pierre Goyette
