Mandatory access control

nounid 3216·updated May 9, 2026

candidate

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity.

polysemousMWE

Classifications

per-axis with provenance

Entity Type

Control95%rule-basedr:entity.control.safeguard.v1

Sensitivity

unclassified

Information Class

unclassified

Variants

4 surface forms

acronym: MAC
plural: Mandatory access controls
possessive: Mandatory access control's
pluralpossessive: Mandatory access controls'

Framework definitions

8 senses across 6 frameworks

SANS Glossary of Security Terms1 senseview framework →

§1: Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone.

ISACA Cybersecurity Glossary1 senseview framework →

§1: A means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf

NISTIR 7298: Glossary of Key Information Security Terms, Revision 23 sensesview framework →

§1: A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.
§2 · sense_2_pending_review: Access controls (which) are driven by the results of a comparison between the user’s trust level or clearance and the sensitivity designation of the information.
§3 · sense_3_pending_review: A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity.

CNSSI-4009 (Glossary of Information Assurance Terms)1 senseview framework →

§1: A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity.

FIPS PUB 1911 senseview framework →

§1: Access controls (which) are driven by the results of a comparison between the user’s trust level or clearance and the sensitivity designation of the information.

NIST SP 800-441 senseview framework →

§1: A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.

Outgoing relationships

term as subject — 0 triples

No outgoing triples

This term is not the subject of any RDF-style relationship yet.

Incoming relationships

term as object — 0 triples

No incoming triples

No other term currently asserts a relationship to this one.