What access control model requires the system to enforce authorization based on security policies?


Mandatory Access Control (MAC) is the access control model that requires the system to enforce authorization based on predetermined security policies. In this model, access to resources is restricted based on the sensitivity of the information and the user’s security clearance. Users cannot change access rights, and the system rigorously enforces the established policies, which are based on classifications and categories assigned to both users and data.

In a MAC environment, security labels are assigned to data and users. For instance, a top-secret document cannot be accessed by someone with a confidential clearance. This strict classification system ensures a high level of security because access decisions are not left to individual discretion, which minimizes the risk of unauthorized access. That is the key aspect distinguishing MAC from other models like Discretionary Access Control (DAC).

The reliance on overarching security policies rather than individual user decisions is what sets this model apart, making it particularly suitable for environments such as government and military applications where protecting sensitive information is crucial.
