What is Mandatory Access Control (MAC)?
D1 · General · CompTIA Security+ SY0-701
MAC (Mandatory Access Control) is the most restrictive access control model: the operating system (not users or admins) enforces access decisions based on security labels assigned to subjects (users/processes) and objects (files/resources).
Users cannot change permissions even on their own files. The OS makes all access decisions based on sensitivity labels (Top Secret, Secret, etc.) and subject clearance levels.
Used in: military/government systems (SELinux, Trusted Solaris), highly classified environments.
Access control models: MAC (OS enforces, labels, most restrictive), DAC (owner controls, most flexible; Windows/Linux default), RBAC (role-based, common in enterprise), ABAC (attribute-based, most flexible/granular). Bell-LaPadula model enforces MAC: "no read up, no write down" (confidentiality).