A government agency is implementing an access control system for its classified data. The system must enforce a strict, centrally managed policy where access decisions are based on security labels (e.g., 'Confidential', 'Secret', 'Top Secret') assigned to both users and data objects. End-users must not be able to alter permissions for the resources they create. Which access control model best meets these requirements?
The correct answer is Mandatory Access Control (MAC). MAC is a centralized access control model where the system enforces access based on security labels assigned to subjects (users) and objects (data). This model is common in high-security environments like government and military agencies, as described in the scenario. In a MAC system, users cannot change permissions, which aligns with the requirement. Discretionary Access Control (DAC) is incorrect because it allows resource owners to set permissions at their discretion. Role-Based Access Control (RBAC) bases access on a user's job function or role, not directly on data classification labels. Attribute-Based Access Control (ABAC) is a dynamic model that uses multiple attributes for access decisions, but MAC is the specific model defined by the use of centrally enforced security clearance labels.