Mandatory Access Control


What is Mandatory Access Control?

Mandatory Access Control, or MAC, is an access control model in which access decisions are enforced by a central authority using security labels and classifications, not by the individual owner of the resource.

Examples

  • A government system allows users to read classified documents only if their clearance level and need to know match the document's security label.
  • A military network uses centrally enforced labels so even a file creator cannot decide to share sensitive data with someone who lacks the required clearance.
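The decision rule in the two examples above can be sketched as a small central check. This is an added illustration, not code from the lesson; the level names, compartments, users and function names are constructed, and "match" is assumed to mean a clearance at least as high as the label's level plus every need-to-know compartment on the label.

```python
from dataclasses import dataclass

# Constructed classification levels, ordered low to high (assumption).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # need-to-know categories

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Label  # assigned by the central authority, not by the user

@dataclass(frozen=True)
class Document:
    title: str
    creator: str
    label: Label  # assigned by the central authority, not by the creator

def can_read(subject, doc):
    """Central decision: the clearance level must reach the document's level
    and the subject must hold every compartment named on its label."""
    clearance, label = subject.clearance, doc.label
    return (LEVELS[clearance.level] >= LEVELS[label.level]
            and label.compartments <= clearance.compartments)

def request_share(doc, creator, recipient):
    """A creator may ask to share, but the outcome is the same central
    check on the recipient; creating the file grants no power to override."""
    if creator.name != doc.creator:
        raise PermissionError("only the creator may request sharing")
    return can_read(recipient, doc)

# Constructed sample data.
NUCLEAR = frozenset({"NUCLEAR"})
alice = Subject("alice", Label("SECRET", NUCLEAR))
bob = Subject("bob", Label("TOP SECRET"))        # high level, no need to know
carol = Subject("carol", Label("CONFIDENTIAL", NUCLEAR))  # level too low
plan = Document("plan", creator="alice", label=Label("SECRET", NUCLEAR))

if __name__ == "__main__":
    for s in (alice, bob, carol):
        print(s.name, "read:", can_read(s, plan))
    print("alice shares with bob:", request_share(plan, alice, bob))
```

Bob holds a higher level than the document requires and is still refused, because the label carries a compartment he was never granted.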

Discover 🔎

Some environments cannot rely on users making their own sharing decisions. When the information is highly sensitive, the organization may need much tighter control over who can see it, who can change it, and how it moves between classification levels. In those cases, flexibility becomes less important than strict enforcement.

That is where Mandatory Access Control stands out. MAC is designed for situations where access rules must be imposed centrally and followed consistently, even if the person using or creating the file would prefer something different. This makes MAC very different from more flexible models that give resource owners discretion over sharing.

Summary 📝

Mandatory Access Control is an access model that enforces centrally defined security policy using labels, classifications, and clearances. Its defining feature is that users do not control sharing decisions for protected resources. MAC is most useful in high-security environments where strong confidentiality and strict information control matter more than flexibility.
