Which of the following access control models introduces user security clearance and data classification?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The mandatory access control model is based on a security label system.
Users are given a security clearance and data is classified.
The classification is stored in the security labels of the resources.
Classification labels specify the level of trust a user must have to access a certain file.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (Page 154).
The access control models listed in the question are different approaches to managing and enforcing access to resources, such as files, applications, and systems, based on predefined policies.
A. Role-based access control (RBAC) is a model that assigns permissions and privileges based on the role or job function of the user. This model is easy to manage, but it does not take into account the sensitivity of the data or the clearance level of the user.
B. Discretionary access control (DAC) is a model that allows the owner or creator of a resource to determine who can access it and what actions they can perform. This model provides a high level of flexibility, but it can also lead to security vulnerabilities if access rights are not properly managed.
C. Non-discretionary access control (NDAC) is a model that assigns access rights based on predefined rules and regulations. This model is commonly used in government agencies and military organizations.
D. Mandatory access control (MAC) is a model that enforces strict rules and policies based on the sensitivity of the data and the clearance level of the user. This model is commonly used in high-security environments, such as military and intelligence agencies.
Out of the options listed, the correct answer is D. Mandatory access control (MAC) introduces user security clearance and data classification. This model ensures that users can only access resources that they are authorized to access based on their clearance level, and it ensures that the sensitivity of the data is taken into account when assigning access rights.