What is an example of a context-dependent control?

A context-dependent control refers to a security mechanism that adapts the level of access or certain permissions based on specific contextual factors at the time of access. In this case, access restricted based on current time is a quintessential example.

This means that the system or application will allow or deny access to resources based on the time of day. For instance, an employee might have access to a secure facility only during business hours but be restricted during evenings and weekends. This type of control is dynamic, as it can change based on external conditions rather than being static or solely based on predefined attributes like user role or clearance level.

Access granted based on user role and access granted based on clearance level are both examples of attribute-based controls. They set permissions based on the specific attributes of the user but do not consider environmental or temporal factors. Access provided to all users does not reflect any context-dependent criteria and results in a broad, unrestricted access approach, which lacks any security validation based on context.