An organization is implementing a new access control scheme to protect its highly sensitive data. The requirements state that access must be based on predefined security labels (e.g., Confidential, Secret, Top Secret) assigned to both resources and users. User discretion in granting access is strictly forbidden. Which access control model BEST fits these requirements?
Mandatory Access Control (MAC) is the correct model because it restricts access based on the sensitivity of the information and the user's clearance level. In a MAC system, security labels are assigned to all subjects (users) and objects (resources), and access is granted only if the subject's clearance is equal to or higher than the object's classification. This model is centrally controlled and does not allow users to grant access at their own discretion, making it common in military and high-security government environments.
Discretionary Access Control (DAC) is incorrect because it allows the owner of a resource to determine who can access it, which is explicitly forbidden by the requirements.
Role-Based Access Control (RBAC) grants access based on a user's job function or role within the organization, not on security labels and clearance levels.
Attribute-Based Access Control (ABAC) is a more dynamic model that grants access based on a combination of attributes of the user, resource, and environment. While powerful, it is not the BEST fit for the specific requirement of static security labels and clearance levels described.
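The label comparison the explanation describes, as an added example that is not part of the original question set: clearance and classification are labels held in a central policy object, access is decided purely by label dominance, and there is no call an object owner could use to grant access. The levels, compartments, users and objects are constructed, and the `can_write` check (the Bell-LaPadula *-property, which stops data being copied to a lower label) goes one step beyond the page's wording.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Ordered sensitivity levels (constructed); a higher value dominates a lower one."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    """Security label: a level plus optional need-to-know compartments."""
    level: Level
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Level at least as high AND every compartment of 'other' is held.
        return self.level >= other.level and other.compartments <= self.compartments

class MacPolicy:
    """Central label store: only the security administrator assigns labels;
    there is deliberately no 'grant' call that an object owner could invoke."""

    def __init__(self):
        self.clearance = {}       # user -> Label, set by the administrator
        self.classification = {}  # object -> Label, set by the administrator

    def can_read(self, user, obj):
        # Simple security property: read only if clearance dominates classification.
        return self.clearance[user].dominates(self.classification[obj])

    def can_write(self, user, obj):
        # *-property (beyond the page's wording): write only where the object's
        # label dominates the user's, so labelled data cannot flow downward.
        return self.classification[obj].dominates(self.clearance[user])

def demo():
    policy = MacPolicy()  # constructed scenario
    policy.clearance["alice"] = Label(Level.SECRET, frozenset({"CRYPTO"}))
    policy.clearance["bob"] = Label(Level.TOP_SECRET)
    policy.classification["plan.doc"] = Label(Level.SECRET, frozenset({"CRYPTO"}))
    policy.classification["memo.txt"] = Label(Level.CONFIDENTIAL)
    return {
        "alice_reads_plan": policy.can_read("alice", "plan.doc"),    # True
        "bob_reads_plan": policy.can_read("bob", "plan.doc"),        # False: no CRYPTO
        "alice_reads_memo": policy.can_read("alice", "memo.txt"),    # True
        "alice_writes_memo": policy.can_write("alice", "memo.txt"),  # False: write-down
    }
```

Note that Bob is denied `plan.doc` despite holding Top Secret: in a label-based model, clearance level alone is not sufficient when the object carries a compartment the subject was never assigned.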