Which security control should be implemented by a cloud services administrator to ensure that the handling of classified data is managed strictly by organizational policy, with access permissions determined by a central authority without any discretion left to the individual or entity owning the data?
Adopt an extensive discretionary access control (DAC) system with classifications
Use attribute-based access control (ABAC) employing classification attributes as policy criteria
Implement mandatory access control (MAC) with security labels
Utilize role-based access control (RBAC) with predefined roles incorporating data classification levels
Mandatory access control (MAC) is the correct answer because resource owners have no discretion under it: access is governed by centrally defined policies that mandate how data may be accessed. Under MAC, a central authority grants permissions to entities based on security labels, which is a necessity when dealing with highly classified data. In contrast, DAC gives owners discretion over their resources, and while RBAC and ABAC can be policy-driven, they inherently provide a level of discretion or are based on attributes, which does not meet the stringent requirement specified in this scenario.