Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Mandatory Access Controls (MAC)

Training Camp • Cybersecurity Glossary

What is Mandatory Access Controls (MAC)?

Access control that requires the system itself to manage access controls in accordance with the organization's security policies.

Glossary > Governance, Risk & Compliance > Mandatory Access Controls (MAC)

Understanding Mandatory Access Controls (MAC)

Access control that requires the system itself to manage access controls in accordance with the organization's security policies. MAC is an access control model where access decisions are determined by the system based on security labels assigned to subjects (users/processes) and objects (files/resources). Users cannot override or modify these controls, as policy enforcement is controlled by the system, not resource owners. MAC is defined in standards like NIST SP 800-53 and is often required in high-security environments. Organizations implement MAC through operating systems and applications that support security labeling, centrally defined security policies, and mechanisms that enforce access based on comparing subject clearances with object classifications. For example, a military system might implement MAC where documents are labeled with classification levels (Confidential, Secret, Top Secret) and users are assigned clearance levels, with the system automatically preventing users from accessing information above their clearance regardless of their desires or actions. Related terms: Access control, Discretionary access control (DAC), Security labels, Multi-level security, Bell-LaPadula model, Classification, Clearance.

Learn More About Mandatory Access Controls (MAC):

Ready to Get Certified?

Mandatory Access Controls (MAC) is one of the topics you'll master in the Security+ Boot Camp.

Security+ Boot Camp →