Mandatory Controls, also known as Mandatory Access Controls (MAC), are a type of access control that restricts the user’s ability to access certain restricted data or to perform restricted actions. Privileged Access is often used as a form of mandatory access control; for example, a requirement to be an Administrator or the Root user prevents ordinary users from performing many actions or viewing certain files and directories.
Mandatory controls ensure that security parameters are enforced regardless of user discretion. Mandatory Access Controls are often set by the company or entity in order to comply with legislative requirements such as HIPAA, PCI, or ITAR. These technical controls do not allow a user to access or grant access to specific files or to perform restricted activities at their own individual discretion. This is in contrast to Discretionary Access Controls (DAC), where users or owners of files or resources can grant access to files, data, or resources at their discretion.
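The contrast above, as an added example that is not from the source: a small reference monitor in which an owner's discretionary grant cannot override the organization's mandatory policy. The user names, labels, and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed mandatory policy: the compliance categories each user is cleared
# for. It is set centrally by the organization; nothing below lets a user edit it.
CLEARANCES = {
    "alice": frozenset({"HIPAA"}),
    "bob": frozenset(),                  # no clearance at all
    "carol": frozenset({"HIPAA", "PCI"}),
    "dave": frozenset({"HIPAA"}),        # cleared, but never granted access
}

@dataclass
class Resource:
    name: str
    owner: str
    labels: frozenset                        # mandatory labels, assigned by policy
    acl: set = field(default_factory=set)    # discretionary grants made by the owner

def grant(resource, grantor, grantee):
    """DAC: the owner may share the resource at their own discretion."""
    if grantor != resource.owner:
        raise PermissionError(f"{grantor} does not own {resource.name}")
    resource.acl.add(grantee)

def dac_allows(resource, user):
    return user == resource.owner or user in resource.acl

def mac_allows(resource, user):
    # The user must hold every label on the resource; unknown users hold none.
    return resource.labels <= CLEARANCES.get(user, frozenset())

def can_read(resource, user):
    # The mandatory check is evaluated regardless of what the owner granted.
    return mac_allows(resource, user) and dac_allows(resource, user)

def demo():
    record = Resource("patient-record", "alice", frozenset({"HIPAA"}))
    grant(record, "alice", "bob")    # owner shares with an uncleared user
    grant(record, "alice", "carol")  # owner shares with a cleared user
    return {u: can_read(record, u) for u in ("alice", "bob", "carol", "dave")}

if __name__ == "__main__":
    print(demo())
```

Bob is on the owner's access list yet is still denied, because the mandatory check fails; Dave is cleared but was never granted access, so the discretionary check fails.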
Related Term: Discretionary Access Controls (DAC)
Source: 21st National Information Systems Security Conference