Advanced Security Systems Inc. sales, services and installs the following access control systems in metro Washington DC.
Mandatory access control (MAC): A security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources and the operating system or security kernel, grants or denies access to those resource objects based on the information security clearance of the user or device. For example, Security Enhanced Linux is an implementation of MAC on the Linux operating system.
Discretionary access control (DAC): An access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.
Role-based access control (RBAC): A widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- executive level, engineer level 1 -- rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.
Rule-based access control: A security model in which the system administrator defines the rules that to govern access to resource objects. Often these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and role-based access control to enforce access policies and procedures.
Attribute-based access control (ABAC): A methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.
Uses of access control: The goal of access
control is to minimize the risk of
unauthorized access to physical and
logical systems. Access control is a
fundamental component of security
compliance programs that ensures
security technology and access control
policies are in place to protect confidential
information, such as customer data.
Most organizations have infrastructure
and procedures that limit access
to networks, computer systems,
applications, files and sensitive data,
such as personally identifiable
information and intellectual property.
When a user is added to an access management system, system administrators use an automated provisioning system to set up permissions based on access control frameworks, job responsibilities and workflows.
The best practice of "least privilege" restricts access to only resources that an employee requires to perform their immediate job functions.