Involves limiting what objects can be available to what subjects according to what rules

Any entity that requests access to our assets

Example: A ___ is the initiator of a request for service; therefore, a ___ is referred to as "active".

A device, process, person, user, program, server; client or other entity that responds to a request for service.

Example: An ___ has an owner, and the owner has the right to determine who or what should be allowed access to their ___.

An instruction developed to allow or deny access to an object by comparing the validated identity of the subject to an access control list.

Example: When a user (subject) attempts to access a file (object), a ___ validated the level of access, if any, the user should have to that file.

Access is based on three elements:

Describes an information security strategy that integrates people, technology and operations capabilities to establish variable barriers across multiple layers and missions of the organization.

Is a standard of permitting only minimum access necessary for users or programs to fulfill their function