SecPlusTrainer / Glossary / What is Mandatory Access Control (MAC)?
D1 · General

What is Mandatory Access Control (MAC)?

MAC enforces access based on labels assigned to subjects (users/processes) and objects (files/data) — the OS/security policy controls access, not the owner. Used in government/military.
MAC vs DAC vs RBAC: MAC = system decides (most secure), DAC = owner decides (most flexible), RBAC = role decides (most practical). SELinux and AppArmor implement MAC on Linux. MAC prevents Trojan horse attacks — even malware running as you can't violate MAC policies.

Related Terms

What is an access token in security? What is an account lockout policy? What is Active Directory (AD)? What is Active Directory Certificate Services (AD CS)?
← Back to Glossary Practice Questions →