Access control is the set of mechanisms and policies used to restrict access to resources and enforce authorization decisions.
Access control combines policy (what is allowed) with enforcement mechanisms (how it is enforced). Common models include discretionary, mandatory, and role-based access control; modern systems often implement attribute-based rules.
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Protection of system resources against unauthorized access.
A process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes, or other systems) according to that policy. (See: access, access control service, computer security, discretionary access control, mandatory access control, role-based access control.)
Limitations on interactions between subjects and objects in an information system.
"The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner." [I7498-2]
A system using physical, electronic, or human controls to identify or admit personnel with properly authorized access to a SCIF.