Mandatory Access Control (MAC)
Definition
An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. A subject that has been granted access to information is constrained from doing any of the following: (i) passing the information to unauthorized subjects or objects; (ii) granting its privileges to other subjects; (iii) changing one or more security attributes on subjects, objects, the information system, or system components; (iv) choosing the security attributes to be associated with newly-created or modified objects; or (v) changing the rules governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints.
Alternative Definitions
- Definition 2
A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity. (SP 800-44) (NISTIR)