Which model includes global rules that apply to all subjects?

The choice of Non-Discretionary Access Control as the correct model aligns with its defining characteristic of enforcing global rules that apply consistently across all subjects within the system. In this model, the access permissions are determined by organizational policies rather than individual user discretion. This approach ensures that security policies are uniformly enforced, reducing the risks associated with individual decision-making that might inadvertently lead to unauthorized access.

Non-Discretionary Access Control is typically used in environments where strict regulatory compliance and security standards are necessary, as it allows for centralized control over access permissions. By having globally applicable rules, it promotes a secure and predictable access environment where the behavior and permissions of all subjects are guided and enforced by established policies.

Other models such as Role-Based Access Control and Discretionary Access Control do not emphasize global rules in the same manner. Role-Based Access Control focuses on assigning permissions based on user roles, which can result in variations in access based on individual roles rather than applying uniform rules across all subjects. Discretionary Access Control allows users to manage their own permissions, introducing an element of subjectivity and potentially leading to inconsistencies in access governance. Rule-Based Access Control does involve rules but typically pertains to specific conditions related to the data or access requests rather than global principles that