34,333
edits
Changes
no edit summary
Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC was defined, and is primarily used by the government.
<google>ADSDAQBOX_FLOW</google>
MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment access to all resource objects (such as data files) is controlled by settings defined by the system administrator. As such, all access to resource objects is strictly contolled controlled by the operating system based on system administrator configured settings. It is not possible under MAC enforcement for users to change the access control of a resource.
Mandatory Access Control begins with ''security labels'' assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential etc) and a category (which is essentially an indication of the management level, department or project to which the object is available).
