Access control is the ability to selectively allow other users access to information. UNIX-style access controls support user, group, and world read/write/execute permissions. The Access Control Lists (ACL's) specified by C2 implementations and the CMW requirements allow finer-grained control. A single user may be granted access to a file, or may be excluded from a group that has access to a file.
Labels are security-related information which is associated with objects like windows, processes, files, or devices. The ability to associate security labels with system objects is also under security control. CMWs can utilize two forms of security labels: mandatory access and information labels. Mandatory labels are static for the particular object. Information labels may change as data is put into the object.