Control Architecture: Access Controls: What access control model is used?
Options: Option 1: Use clearances, classifications, and compartments.
Option 2: Use roles and rules.
Option 3: Use owner authorized.
Option 4: Use a subject object model.
Option 5: Use a possession-based model
Option 6: Pick the best fit of these or create a different enterprise model.
Decision: IF a regulatory mandate requires it, or the enterprise works largely for an organization that uses it, THEN Use clearances, classifications, and compartments.
OTHERWISE IF a model is already in use and changing it would be too expensive or difficult, THEN Use the current model.
OTHERWISE IF workers change tasking often, have many areas of responsibility at a time, and many workers do the same tasks, THEN Use roles and rules.
OTHERWISE IF content and systems have ownership assigned and work is delegated based on that ownership, THEN Use owner authorized.
OTHERWISE IF well defined individuals or mechanisms have rights or privileges with respect to well defined content, THEN Use a subject object model.
OTHERWISE IF anyone should be allowed to do anything if they can "afford" it or have been "given" access by someone possessing access, THEN Use a possession-based model.
OTHERWISE Pick the best fit of these or create a different enterprise model.
Use clearances, classifications, and compartments:
Clearances are defined by the level of trust placed in individuals based on background investigations, history, and other factors as defined. Classifications are defined for content based on the magnitude of consequences associated with misuse of the content. Compartments are based on the groupings of content necessary to perform kinds of work. Access is granted based on holding a clearance high enough for the classification of the content, working in an area (compartment) associated with the content, and having a reasonable need to know the content in order to perform an authorized task. Separation of duties and risk aggregation limit the compartments an individual may hold simultaneously and, in more advanced cases, the set of compartments allowable to individuals over time.
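The following is an added example, not part of the original page, showing how the four conditions just described (clearance dominates classification, subject is read into the content's compartments, the current task needs those compartments, and the subject's compartment set does not breach separation of duties) combine into a single access decision. The levels, compartments, subjects, tasks and the exclusive compartment pair are all constructed for illustration.

```python
# Added example (not from the original page): an access decision for the
# clearances/classifications/compartments model. All data below (levels,
# compartments, subjects, tasks, the exclusive pair) is constructed.
from dataclasses import dataclass, field

# Ordered sensitivity levels; a higher index is a higher classification/clearance.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

# Separation of duties / risk aggregation: compartments nobody may hold at once.
EXCLUSIVE_COMPARTMENTS = {frozenset({"PAYROLL", "AUDIT"})}

# Need to know: the compartments each authorized task actually requires.
TASK_COMPARTMENTS = {
    "run-payroll": frozenset({"PAYROLL"}),
    "audit-books": frozenset({"AUDIT"}),
    "read-news": frozenset(),
}


@dataclass(frozen=True)
class Label:
    """Security label of content: classification level plus compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Subject:
    """A person or mechanism: clearance, compartments read into, current task."""
    name: str
    clearance: str
    compartments: frozenset
    task: str


def dominates(clearance: str, classification: str) -> bool:
    """True when the clearance is at least as high as the classification."""
    return LEVELS.index(clearance) >= LEVELS.index(classification)


def violates_separation(compartments: frozenset) -> bool:
    """A subject holding an exclusive pair is mis-provisioned; fail closed."""
    return any(pair <= compartments for pair in EXCLUSIVE_COMPARTMENTS)


def may_read(subject: Subject, label: Label) -> bool:
    """Grant only if every condition of the model holds."""
    if not dominates(subject.clearance, label.level):
        return False                      # clearance too low
    if not label.compartments <= subject.compartments:
        return False                      # not read into every compartment
    needed = TASK_COMPARTMENTS.get(subject.task)
    if needed is None or not label.compartments <= needed:
        return False                      # no need to know for current task
    if violates_separation(subject.compartments):
        return False                      # separation of duties breached
    return True


if __name__ == "__main__":
    alice = Subject("alice", "SECRET", frozenset({"PAYROLL"}), "run-payroll")
    print(may_read(alice, Label("CONFIDENTIAL", frozenset({"PAYROLL"}))))
```

Note that the need-to-know test is keyed to the task, not the person: the same subject with the same clearance and compartments is denied payroll content while working a task that does not require it.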
Use roles and rules:
People are assigned roles based on their job assignments, and access is granted based on a set of management-defined rules about what different roles may access under what conditions in order to perform those roles. Separation of duties and risk aggregation limit the roles permitted simultaneously and, in more advanced cases, the sequences of roles allowable to individuals and groups over time. Rules also change over time and must be re-analyzed for separation of duties and risk aggregation whenever they do.
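As an added example, not from the original page, the roles-and-rules decision below carries both kinds of constraint the paragraph mentions: static separation of duties (role pairs no one may hold at once) and a history-based rule over time (the person who submitted an order may not be the one who approves it, even though holding both roles is otherwise allowed). The roles, rules, users and the "business hours" condition are constructed for illustration.

```python
# Added example (not from the original page): roles and rules with static and
# dynamic separation of duties. All roles, rules and users are constructed.
from dataclasses import dataclass, field

# Roles assigned to people by management (constructed).
ROLE_ASSIGNMENTS = {
    "alice": {"clerk", "approver"},   # allowed together, but not on one order
    "bob": {"approver"},
    "carol": {"approver", "auditor"},  # statically conflicting pair
}

# Static separation of duties: role pairs nobody may hold simultaneously.
MUTUALLY_EXCLUSIVE = {frozenset({"approver", "auditor"})}


def business_hours(ctx: dict) -> bool:
    """Example rule condition: approvals only between 08:00 and 18:00."""
    return 8 <= ctx["hour"] < 18


# Management-defined rules: (role, action, condition over the request context).
RULES = [
    ("clerk", "submit_order", lambda ctx: True),
    ("approver", "approve_order", business_hours),
    ("auditor", "read_ledger", lambda ctx: True),
]


@dataclass
class History:
    """Append-only record of (who, action, object) used by dynamic SoD rules."""
    events: list = field(default_factory=list)

    def record(self, who: str, action: str, obj: str) -> None:
        self.events.append((who, action, obj))

    def did(self, who: str, action: str, obj: str) -> bool:
        return (who, action, obj) in self.events


def holds_conflicting_roles(roles: set) -> bool:
    return any(pair <= roles for pair in MUTUALLY_EXCLUSIVE)


def authorize(user: str, action: str, obj: str, ctx: dict, history: History) -> bool:
    """True if some rule for one of the user's roles permits the action now,
    and neither the static nor the dynamic separation-of-duties rule is broken."""
    roles = ROLE_ASSIGNMENTS.get(user, set())
    if holds_conflicting_roles(roles):
        return False        # mis-provisioned user: fail closed until fixed
    if action == "approve_order" and history.did(user, "submit_order", obj):
        return False        # dynamic SoD: submitter may not approve own order
    return any(role in roles and act == action and cond(ctx)
               for role, act, cond in RULES)


if __name__ == "__main__":
    h = History()
    print(authorize("alice", "submit_order", "PO-1", {"hour": 10}, h))
```

The history check is what makes "sequences of roles over time" enforceable: the static role set alone cannot express "clerk and approver, but never both on the same object".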
Use owner authorized:
Content and systems are "owned" on a fiduciary or actual basis by individuals who make individual determinations about what individuals or groups may access what content under what conditions.
Use a subject object model:
Subjects (people and automated mechanisms) are granted Rights (things that they can do) to Objects (content, containers, and mechanisms) based on management decisions. Risk aggregation, if done, is done by analysis of granting of rights over time.
Use a possession-based model:
Access devices of various sorts (e.g., keys, certificates, tickets, tokens, money, etc.) are possessed by individuals or mechanisms, and access is granted based on possession and possible surrender of those devices.
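The following is an added example, not from the original page, of a possession-based gate: access is decided solely by presenting a valid device, here an HMAC-signed ticket string, with no check of who presents it, so a ticket handed to someone else works for them too. Some tickets are surrendered on use (one-time, like a physical ticket) and others retained (like a key). The issuer key, ticket format and resource names are constructed for illustration.

```python
# Added example (not from the original page): a possession-based access model
# with retained and surrendered (single-use) access devices. The issuer key,
# ticket format and resource names are constructed.
import hashlib
import hmac
import secrets

ISSUER_KEY = b"constructed-issuer-key"   # held by the issuer and the gate only


def mint(resource: str, single_use: bool) -> str:
    """Issue a ticket for a resource. Possession of the string is the whole
    credential: the MAC prevents forgery, the nonce makes each ticket unique.
    Resource names must not contain ':' (the field separator)."""
    nonce = secrets.token_hex(8)
    body = f"{resource}:{'once' if single_use else 'keep'}:{nonce}"
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


class Gate:
    """Admits whoever presents a valid device. Remembers surrendered one-time
    tickets so a consumed ticket cannot be replayed."""

    def __init__(self) -> None:
        self.surrendered: set = set()

    def admit(self, ticket: str, resource: str) -> bool:
        try:
            res, kind, nonce, tag = ticket.split(":")
        except ValueError:
            return False                      # malformed device
        body = f"{res}:{kind}:{nonce}"
        expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or tampered device
        if res != resource:
            return False                      # device is for another resource
        if kind == "once":
            if ticket in self.surrendered:
                return False                  # already surrendered: replay
            self.surrendered.add(ticket)      # surrender on first use
        return True


if __name__ == "__main__":
    gate = Gate()
    ticket = mint("lab", single_use=True)
    print(gate.admit(ticket, "lab"), gate.admit(ticket, "lab"))
```

The gate never learns an identity, which is exactly the property the model trades on: revocation and audit have to work at the level of the device (surrender lists, expiry, re-keying the issuer), not the person.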
Pick the best fit of these or create a different enterprise model:
It is almost always better to pick one of the above defined mechanisms, since they are already realized in implementations of various sorts; however, many of the mechanisms can be repurposed for other uses, and the mechanisms available should not limit the manner in which access is modeled.