A cloud service provider must maintain a strict data security policy because it handles multiple clients with varying levels of sensitive information. It needs an access control method that enforces security policies preventing users from sharing resources unless explicitly permitted by the policy, based on their security clearance and the data classification. Every access attempt must be compared against a set of policy rules before being granted. Which security control model should be implemented?
The correct answer is Mandatory access control (MAC), as it enforces security policies that are centrally controlled by a security policy administrator. Users do not have the ability to override the policy or share resources unless the policy permits them to do so, making it suitable for environments with stringent security requirements. All access attempts are compared against the policy, which maintains a high level of security. Attribute-Based Access Control (ABAC) allows policies to use multiple attributes (user, resource, environment) to make access decisions, which can be more flexible but less strict than MAC. Role-Based Access Control (RBAC) is not necessarily tied to data classification or clearance levels. Access Control Lists (ACLs) are used to specify which users or system processes are granted access to objects; they don't inherently provide the systematic, policy-driven approach required in the scenario.