AC-03(15) Discretionary and Mandatory Access Control
(a) Enforce ac-3.15_prm_1 over the set of covered subjects and objects specified in the policy; and
(b) Enforce ac-3.15_prm_2 over the set of covered subjects and objects specified in the policy.
|ac-3.15_prm_1||organization-defined mandatory access control policy|
|ac-3.15_prm_2||organization-defined discretionary access control policy|
|ac-03.15_odp.01||mandatory access control policy|
|ac-03.15_odp.02||mandatory access control policy|
|ac-03.15_odp.03||discretionary access control policy|
|ac-03.15_odp.04||discretionary access control policy|
Simultaneously implementing a mandatory access control policy and a discretionary access control policy can provide additional protection against the unauthorized execution of code by users or processes acting on behalf of users. This helps prevent a single compromised user or process from compromising the entire system.
Related controls
- SC-02 Separation of System and User Functionality
- SC-03 Security Function Isolation
- AC-04 Information Flow Enforcement