Mandatory Access Control

Mandatory Access Control (MAC) is a security model where the operating system enforces access decisions based on labels assigned to subjects and objects. Unlike discretionary access control, users cannot override these decisions — the system determines who can access what based on classification levels and clearances.

MAC is most commonly associated with government and military environments. A document labeled Top Secret can only be accessed by users with a Top Secret clearance and need-to-know. The Bell-LaPadula model formalizes this with no-read-up and no-write-down rules.
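
The no-read-up and no-write-down rules can be expressed as a single "dominates" comparison between labels. The following is an added example, not part of the original page: the level names, the compartment sets used to model need-to-know, and the sample subject and objects are all constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Constructed hierarchy; real systems define their own levels.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: frozenset = frozenset()  # assumed model of need-to-know

    def dominates(self, other: "Label") -> bool:
        """True if this label is at least as high and covers every compartment."""
        return self.level >= other.level and self.compartments >= other.compartments


def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property (no read up): subject must dominate object.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # *-property (no write down): object must dominate subject.
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> str:
    """Reference-monitor style decision; unknown operations are denied."""
    checks = {"read": can_read, "write": can_write}
    check = checks.get(op)
    return "ALLOW" if check and check(subject, obj) else "DENY"


# Constructed sample subject and objects.
ANALYST = Label(Level.SECRET, frozenset({"CRYPTO"}))
WAR_PLAN = Label(Level.TOP_SECRET, frozenset({"CRYPTO"}))
MEMO = Label(Level.CONFIDENTIAL)
NUCLEAR_REPORT = Label(Level.SECRET, frozenset({"NUCLEAR"}))

if __name__ == "__main__":
    for name, obj in [("WAR_PLAN", WAR_PLAN), ("MEMO", MEMO), ("NUCLEAR_REPORT", NUCLEAR_REPORT)]:
        for op in ("read", "write"):
            print(f"analyst {op:5} {name:15} -> {decide(ANALYST, obj, op)}")
```

Note that the Secret analyst is denied the Secret-level NUCLEAR_REPORT purely on compartment mismatch, and is denied writing to the Confidential memo even though reading it is allowed: the subject has no say in either outcome.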

CISSP Relevance

MAC is a core access control model tested in Domain 5 (Identity and Access Management). CISSP candidates must understand MAC alongside DAC and RBAC, including when each model is appropriate.

External reference: NIST Glossary Mandatory Access Control

Related terms: Role-Based Access Control, Data Classification