What type of access control scheme limits access based on security labels assigned to resources?

Sample the CISSP Domain 5 Identity and Access Management Test. Study with flashcards and multiple choice questions for exam readiness. Enhance your knowledge and skills!

The correct answer, Mandatory Access Control (MAC), is a type of access control scheme that applies strict policies determined by a central authority, where access is granted based on security labels assigned to both users and resources. In this model, every resource and user is assigned a label that signifies clearance for specific levels of information, such as confidential, secret, or top secret.

Under MAC, users cannot change access permissions; instead, the system enforces predetermined access policies that prevent unauthorized users from accessing information that exceeds their security level. This is essential in environments where data sensitivity requires high security, such as government agencies or military operations.

Discretionary Access Control allows users to have some level of influence over who accesses their resources, while Role-Based Access Control assigns access based on the roles users perform within an organization, defined by their responsibilities rather than security labels. Attribute-Based Access Control, on the other hand, uses a set of attributes (e.g., user, resource, environmental) to make access decisions but does not primarily rely on fixed security labels as MAC does.
