Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Access Control
  4. >SP800-53-AC-3(3)
SP800-53-AC-3(3)Active

Mandatory Access Control

Statement

Enforce mandatory access control policy; subjects; privileges over the set of covered subjects and objects specified in the policy, and where the policy: Is uniformly enforced across the covered subjects and objects within the system; Specifies that a subject that has been granted access to information is constrained from doing any of the following; Passing the information to unauthorized subjects or objects; Granting its privileges to other subjects; Changing one or more security attributes (specified by the policy) on subjects, objects, the system, or system components; Choosing the security attributes and attribute values (specified by the policy) to be associated with newly created or modified objects; and Changing the rules governing access control; and Specifies that subjects may explicitly be granted privileges such that they are not limited by any defined subset (or all) of the above constraints.

Location

Control Family
Access Control

Control Details

Identifier
SP800-53-AC-3(3)
Family
AC
Parent Control
SP800-53-AC-3

Organisation-Defined Parameters

ac-03.03_odp.01
mandatory access control policy
ac-03.03_odp.02
mandatory access control policy
ac-03.03_odp.03
subjects
ac-03.03_odp.04
privileges

Supplemental Guidance

Mandatory access control is a type of nondiscretionary access control. Mandatory access control policies constrain what actions subjects can take with information obtained from objects for which they have already been granted access. This prevents the subjects from passing the information to unauthorized subjects and objects. Mandatory access control policies constrain actions that subjects can take with respect to the propagation of access control privileges; that is, a subject with a privilege cannot pass that privilege to other subjects. The policy is uniformly enforced over all subjects and objects to which the system has control. Otherwise, the access control policy can be circumvented. This enforcement is provided by an implementation that meets the reference monitor concept as described in AC-25 . The policy is bounded by the system (i.e., once the information is passed outside of the control of the system, additional means may be required to ensure that the constraints on the information remain in effect).

The trusted subjects described above are granted privileges consistent with the concept of least privilege (see AC-6 ). Trusted subjects are only given the minimum privileges necessary for satisfying organizational mission/business needs relative to the above policy. The control is most applicable when there is a mandate that establishes a policy regarding access to controlled unclassified information or classified information and some users of the system are not authorized access to all such information resident in the system. Mandatory access control can operate in conjunction with discretionary access control as described in AC-3(4) . A subject constrained in its operation by mandatory access control policies can still operate under the less rigorous constraints of AC-3(4), but mandatory access control policies take precedence over the less rigorous constraints of AC-3(4). For example, while a mandatory access control policy imposes a constraint that prevents a subject from passing information to another subject operating at a different impact or classification level, AC-3(4) permits the subject to pass the information to any other subject with the same impact or classification level as the subject. Examples of mandatory access control policies include the Bell-LaPadula policy to protect confidentiality of information and the Biba policy to protect the integrity of information.

Assessment Objective

mandatory access control policy is enforced over the set of covered subjects specified in the policy; mandatory access control policy is enforced over the set of covered objects specified in the policy; mandatory access control policy is uniformly enforced across the covered subjects within the system; mandatory access control policy is uniformly enforced across the covered objects within the system; mandatory access control policy and mandatory access control policy specifying that a subject that has been granted access to information is constrained from passing the information to unauthorized subjects or objects are enforced; mandatory access control policy and mandatory access control policy specifying that a subject that has been granted access to information is constrained from granting its privileges to other subjects are enforced; mandatory access control policy and mandatory access control policy specifying that a subject that has been granted access to information is constrained from changing one of more security attributes (specified by the policy) on subjects, objects, the system, or system components are enforced; mandatory access control policy and mandatory access control policy specifying that a subject that has been granted access to information is constrained from choosing the security attributes and attribute values (specified by the policy) to be associated with newly created or modified objects are enforced; mandatory access control policy and mandatory access control policy specifying that a subject that has been granted access to information is constrained from changing the rules governing access control are enforced; mandatory access control policy and mandatory access control policy specifying that subjects may explicitly be granted privileges such that they are not limited by any defined subset (or all) of the above constraints are enforced.

No cross-framework mappings available

← Back to Access Control
Access Control147 controls
SP800-53-AC-1Policy and ProceduresSP800-53-AC-2Account ManagementSP800-53-AC-2(1)Automated System Account ManagementSP800-53-AC-2(2)Automated Temporary and Emergency Account ManagementSP800-53-AC-2(3)Disable AccountsSP800-53-AC-2(4)Automated Audit ActionsSP800-53-AC-2(5)Inactivity LogoutSP800-53-AC-2(6)Dynamic Privilege ManagementSP800-53-AC-2(7)Privileged User AccountsSP800-53-AC-2(8)Dynamic Account ManagementSP800-53-AC-2(9)Restrictions on Use of Shared and Group AccountsSP800-53-AC-2(10)Shared and Group Account Credential ChangeSP800-53-AC-2(11)Usage ConditionsSP800-53-AC-2(12)Account Monitoring for Atypical UsageSP800-53-AC-2(13)Disable Accounts for High-risk IndividualsSP800-53-AC-3Access EnforcementSP800-53-AC-3(1)Restricted Access to Privileged FunctionsSP800-53-AC-3(2)Dual AuthorizationSP800-53-AC-3(3)Mandatory Access ControlSP800-53-AC-3(4)Discretionary Access ControlSP800-53-AC-3(5)Security-relevant InformationSP800-53-AC-3(6)Protection of User and System InformationSP800-53-AC-3(7)Role-based Access ControlSP800-53-AC-3(8)Revocation of Access AuthorizationsSP800-53-AC-3(9)Controlled ReleaseSP800-53-AC-3(10)Audited Override of Access Control MechanismsSP800-53-AC-3(11)Restrict Access to Specific Information TypesSP800-53-AC-3(12)Assert and Enforce Application AccessSP800-53-AC-3(13)Attribute-based Access ControlSP800-53-AC-3(14)Individual AccessSP800-53-AC-3(15)Discretionary and Mandatory Access ControlSP800-53-AC-4Information Flow EnforcementSP800-53-AC-4(1)Object Security and Privacy AttributesSP800-53-AC-4(2)Processing DomainsSP800-53-AC-4(3)Dynamic Information Flow ControlSP800-53-AC-4(4)Flow Control of Encrypted InformationSP800-53-AC-4(5)Embedded Data TypesSP800-53-AC-4(6)MetadataSP800-53-AC-4(7)One-way Flow MechanismsSP800-53-AC-4(8)Security and Privacy Policy FiltersSP800-53-AC-4(9)Human ReviewsSP800-53-AC-4(10)Enable and Disable Security or Privacy Policy FiltersSP800-53-AC-4(11)Configuration of Security or Privacy Policy FiltersSP800-53-AC-4(12)Data Type IdentifiersSP800-53-AC-4(13)Decomposition into Policy-relevant SubcomponentsSP800-53-AC-4(14)Security or Privacy Policy Filter ConstraintsSP800-53-AC-4(15)Detection of Unsanctioned InformationSP800-53-AC-4(16)Information Transfers on Interconnected SystemsSP800-53-AC-4(17)Domain AuthenticationSP800-53-AC-4(18)Security Attribute BindingSP800-53-AC-4(19)Validation of MetadataSP800-53-AC-4(20)Approved SolutionsSP800-53-AC-4(21)Physical or Logical Separation of Information FlowsSP800-53-AC-4(22)Access OnlySP800-53-AC-4(23)Modify Non-releasable InformationSP800-53-AC-4(24)Internal Normalized FormatSP800-53-AC-4(25)Data SanitizationSP800-53-AC-4(26)Audit Filtering ActionsSP800-53-AC-4(27)Redundant/Independent Filtering MechanismsSP800-53-AC-4(28)Linear Filter PipelinesSP800-53-AC-4(29)Filter Orchestration EnginesSP800-53-AC-4(30)Filter Mechanisms Using Multiple ProcessesSP800-53-AC-4(31)Failed Content Transfer PreventionSP800-53-AC-4(32)Process Requirements for Information TransferSP800-53-AC-5Separation of DutiesSP800-53-AC-6Least PrivilegeSP800-53-AC-6(1)Authorize Access to Security FunctionsSP800-53-AC-6(2)Non-privileged Access for Nonsecurity FunctionsSP800-53-AC-6(3)Network Access to Privileged CommandsSP800-53-AC-6(4)Separate Processing DomainsSP800-53-AC-6(5)Privileged AccountsSP800-53-AC-6(6)Privileged Access by Non-organizational UsersSP800-53-AC-6(7)Review of User PrivilegesSP800-53-AC-6(8)Privilege Levels for Code ExecutionSP800-53-AC-6(9)Log Use of Privileged FunctionsSP800-53-AC-6(10)Prohibit Non-privileged Users from Executing Privileged FunctionsSP800-53-AC-7Unsuccessful Logon AttemptsSP800-53-AC-7(1)Automatic Account LockSP800-53-AC-7(2)Purge or Wipe Mobile DeviceSP800-53-AC-7(3)Biometric Attempt LimitingSP800-53-AC-7(4)Use of Alternate Authentication FactorSP800-53-AC-8System Use NotificationSP800-53-AC-9Previous Logon NotificationSP800-53-AC-9(1)Unsuccessful LogonsSP800-53-AC-9(2)Successful and Unsuccessful LogonsSP800-53-AC-9(3)Notification of Account ChangesSP800-53-AC-9(4)Additional Logon InformationSP800-53-AC-10Concurrent Session ControlSP800-53-AC-11Device LockSP800-53-AC-11(1)Pattern-hiding DisplaysSP800-53-AC-12Session TerminationSP800-53-AC-12(1)User-initiated LogoutsSP800-53-AC-12(2)Termination MessageSP800-53-AC-12(3)Timeout Warning MessageSP800-53-AC-13Supervision and Review — Access ControlSP800-53-AC-14Permitted Actions Without Identification or AuthenticationSP800-53-AC-14(1)Necessary UsesSP800-53-AC-15Automated MarkingSP800-53-AC-16Security and Privacy AttributesSP800-53-AC-16(1)Dynamic Attribute AssociationSP800-53-AC-16(2)Attribute Value Changes by Authorized IndividualsSP800-53-AC-16(3)Maintenance of Attribute Associations by SystemSP800-53-AC-16(4)Association of Attributes by Authorized IndividualsSP800-53-AC-16(5)Attribute Displays on Objects to Be OutputSP800-53-AC-16(6)Maintenance of Attribute AssociationSP800-53-AC-16(7)Consistent Attribute InterpretationSP800-53-AC-16(8)Association Techniques and TechnologiesSP800-53-AC-16(9)Attribute Reassignment — Regrading MechanismsSP800-53-AC-16(10)Attribute Configuration by Authorized IndividualsSP800-53-AC-17Remote AccessSP800-53-AC-17(1)Monitoring and ControlSP800-53-AC-17(2)Protection of Confidentiality and Integrity Using EncryptionSP800-53-AC-17(3)Managed Access Control PointsSP800-53-AC-17(4)Privileged Commands and AccessSP800-53-AC-17(5)Monitoring for Unauthorized ConnectionsSP800-53-AC-17(6)Protection of Mechanism InformationSP800-53-AC-17(7)Additional Protection for Security Function AccessSP800-53-AC-17(8)Disable Nonsecure Network ProtocolsSP800-53-AC-17(9)Disconnect or Disable AccessSP800-53-AC-17(10)Authenticate Remote CommandsSP800-53-AC-18Wireless AccessSP800-53-AC-18(1)Authentication and EncryptionSP800-53-AC-18(2)Monitoring Unauthorized ConnectionsSP800-53-AC-18(3)Disable Wireless NetworkingSP800-53-AC-18(4)Restrict Configurations by UsersSP800-53-AC-18(5)Antennas and Transmission Power LevelsSP800-53-AC-19Access Control for Mobile DevicesSP800-53-AC-19(1)Use of Writable and Portable Storage DevicesSP800-53-AC-19(2)Use of Personally Owned Portable Storage DevicesSP800-53-AC-19(3)Use of Portable Storage Devices with No Identifiable OwnerSP800-53-AC-19(4)Restrictions for Classified InformationSP800-53-AC-19(5)Full Device or Container-based EncryptionSP800-53-AC-20Use of External SystemsSP800-53-AC-20(1)Limits on Authorized UseSP800-53-AC-20(2)Portable Storage Devices — Restricted UseSP800-53-AC-20(3)Non-organizationally Owned Systems — Restricted UseSP800-53-AC-20(4)Network Accessible Storage Devices — Prohibited UseSP800-53-AC-20(5)Portable Storage Devices — Prohibited UseSP800-53-AC-21Information SharingSP800-53-AC-21(1)Automated Decision SupportSP800-53-AC-21(2)Information Search and RetrievalSP800-53-AC-22Publicly Accessible ContentSP800-53-AC-23Data Mining ProtectionSP800-53-AC-24Access Control DecisionsSP800-53-AC-24(1)Transmit Access Authorization InformationSP800-53-AC-24(2)No User or Process IdentitySP800-53-AC-25Reference Monitor