An access control policy is
|“||[a] statement of intent with regard to control over access to, dissemination of, and modification on an information processing system. The policy must be precisely defined and implemented for each system that is used to process information. The policy must accurately reflect the laws, regulations, and general policies from which it is derived.||”|
- ↑ Draft Comprehensive Information Assurance Dictionary 8 (1995) (full-text).
- ↑ Compendium of Approved ITU-T Security Definitions, at 2.