← Back to catalog
AC-3(15)
Discretionary and Mandatory Access Control
Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Enforce [assignment] over the set of covered subjects and objects specified in the policy; and Enforce [assignment] over the set of covered subjects and objects specified in the policy.
Discussion
Simultaneously implementing a mandatory access control policy and a discretionary access control policy can provide additional protection against the unauthorized execution of code by users or processes acting on behalf of users. This helps prevent a single compromised user or process from compromising the entire system.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.