AC-03(15) Discretionary and Mandatory Access Control
(a) Enforce ac-3.15_prm_1 over the set of covered subjects and objects specified in the policy; and
(b) Enforce ac-3.15_prm_2 over the set of covered subjects and objects specified in the policy.
Parameter ID | Definition |
---|---|
ac-3.15_prm_1 | organization-defined mandatory access control policy |
ac-3.15_prm_2 | organization-defined discretionary access control policy |
ac-03.15_odp.01 | mandatory access control policy |
ac-03.15_odp.02 | mandatory access control policy |
ac-03.15_odp.03 | discretionary access control policy |
ac-03.15_odp.04 | discretionary access control policy |
Baselines
- L
- M
- H
- P
Guidance
Simultaneously implementing a mandatory access control policy and a discretionary access control policy can provide additional protection against the unauthorized execution of code by users or processes acting on behalf of users. This helps prevent a single compromised user or process from compromising the entire system.
Related controls
- SC-02 Separation of System and User Functionality L M H P
- SC-03 Security Function Isolation L M H P
- AC-04 Information Flow Enforcement L M H P