|

 
|
| | Name : | Matt Bishop | Organization : | University of California Davis | Post Date : | 9/30/2005 |
| Section : | 2.6.1 | Page no. : | 2-15, 2-16, 2-17 | Line no.: | | Comment : | ... [7,
Vol II §2.6.1, §2.6.2, §2.6.5, §2.6.6].
Upon review of these sections, it is unclear how the standards have defined an “Access Control Policy” or “Access Control Measures” — neither technical term appears in the provided glossary.
One section [7, Vol II
§2.6.1] implies that an Access Control Policy consists of “features” and “capabilities.” A different section [7, Vol I §6.2] implies that an Access Control Policy is the system’s access control matrix’s initial state. | |
|
|