Certified Information Systems Security Professional (CISSP) Practice Exam 2025 – All-in-One Guide to Mastering Your Certification!


Which access control method is characterized by system-enforced restrictions based on clearances and labels?

Discretionary Access Control

Mandatory Access Control

Role-Based Access Control

Attribute-Based Access Control

Mandatory Access Control (MAC) is distinguished by its strict enforcement of access restrictions based on predetermined classifications, clearances, and labels associated with both the data and the users. In a MAC environment, system policies dictate how information can be accessed, and users cannot alter these permissions.

This means that access rights are fundamentally driven by the security classification of the data (such as confidential, secret, or top secret) and the security clearances assigned to users. For example, a user with a "top secret" clearance can access information labeled as "top secret," but not information classified as "secret" or "confidential" if their clearance does not allow it. The system automatically enforces these rules without the intervention of users or system administrators, ensuring a high level of security.

In contrast, Discretionary Access Control allows users to control access to their own resources, Role-Based Access Control assigns permissions based on the roles users have within an organization, and Attribute-Based Access Control grants access based on attributes of users and resources, rather than strictly defined labels and clearances. These other methods provide more flexibility and user influence over access rights than the rigid structure provided by MAC.
