Centralised Control: Access policies are managed by a central authority, ensuring consistency and security
Policy-Based Access: Access is determined by pre-defined policies, often involving security labels
Non-Discretionary: Users cannot alter access permissions, which are strictly managed by administrators