Definitions[edit | edit source]

An access control policy is

[a] statement of intent with regard to control over access to, dissemination of, and modification on an information processing system. The policy must be precisely defined and implemented for each system that is used to process information. The policy must accurately reflect the laws, regulations, and general policies from which it is derived.[1]

An access control policy is "[t]he set of rules that define the conditions under which an access may take place."[2]

References[edit | edit source]

  1. Draft Comprehensive Information Assurance Dictionary 8 (1995) (full-text).
  2. Compendium of Approved ITU-T Security Definitions, at 2.

See also[edit | edit source]

Community content is available under CC-BY-SA unless otherwise noted.