Mandatory Access Control

Definition: Mandatory access control (MAC) is one of three methods for controlling the use of an information infrastructure. MAC allows for tighter, more granular control over the organization’s security policies. A level of security classification (e.g. confidential) is assigned to every information asset, and each user of the system is assigned an appropriate level of privileges. The ability to access and use an information asset is therefore restricted by “levels of clearance”. MAC also addresses the matter of who can read and who can write (or modify) information resources. All of this should be controlled by formal security policies.

Its Relevance: MAC provides the highest level of control over the right to use information resources. However, the method also requires the greatest amount of overhead or maintenance because of the level of detail it demands. Assigning authorization privileges by group provides for more robust information security.
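An added example, not part of the original entry: a small Python policy check showing how clearance levels decide read and write access, and why every asset needs a label. The level names other than "confidential", the users and assets, and the Bell-LaPadula read/write rules are assumptions, since the entry does not name a specific model.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Constructed ordering; only "confidential" is named in the entry.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Policy:
    """Central policy: labels are set by the administrator, never by users."""
    clearances: dict       # user name -> Level
    classifications: dict  # asset name -> Level

    def check(self, user: str, action: str, asset: str) -> bool:
        clearance = self.clearances.get(user)
        label = self.classifications.get(asset)
        # Fail closed: an unknown user or an unlabelled asset gets no access.
        # This is the maintenance cost of MAC: everything must carry a label.
        if clearance is None or label is None:
            return False
        if action == "read":
            # Assumed rule (Bell-LaPadula): no reading above your clearance.
            return clearance >= label
        if action == "write":
            # Assumed rule (Bell-LaPadula): no writing below your clearance,
            # so higher-level data cannot leak into lower-level assets.
            return clearance <= label
        return False  # any action the policy does not define is denied


# Constructed sample users and assets.
POLICY = Policy(
    clearances={"alice": Level.SECRET, "bob": Level.PUBLIC},
    classifications={
        "payroll.db": Level.CONFIDENTIAL,
        "plan.doc": Level.TOP_SECRET,
        "newsletter.txt": Level.PUBLIC,
    },
)

if __name__ == "__main__":
    for user, action, asset in [("alice", "read", "payroll.db"),
                                ("alice", "write", "payroll.db"),
                                ("bob", "read", "payroll.db"),
                                ("alice", "read", "unlabelled.txt")]:
        verdict = "ALLOW" if POLICY.check(user, action, asset) else "DENY"
        print(f"{verdict:5} {user} {action} {asset}")
```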

