Mandatory Access Control
Users can not change security attributes at request (non-discretionary)
A corporate policy or security rules is enforced
User programs have to work within the constraints of these access rules