Mandatory access controls (MAC) are a set of security policies that are enforced by the operating system or security kernel, rigidly dictating who has access to a system's resources. The reason why MAC is the correct answer is this type of control does not allow individual users to change permissions; instead, the operating system or security policy administers the access controls. Unlike Discretionary access controls (DAC), where the users have control over the permissions of their own files, and Role-based access control (RBAC), where access is granted based on a user's role within an organization, MAC ensures strict adherence to security policies at a system level.