CISSP Domain 5: DAC, MAC, RBAC, ABAC Explained

On the CISSP, authorization-model questions come down to one move: find who or what holds the access decision, then match it to the model. This Domain 5 deep-dive walks all five access control models on objective 5.4 - discretionary, mandatory, role-based, attribute-based, and risk-based access control - and exactly when each one is the right answer. With Professor Erica, Kai, Grace, and Liam, we cover the identity-and-access foundations behind 13% of the current exam, plus the question-reading habits that turn ‘BEST’ and ‘MOST’ scenarios into quick, defensible picks.

In this video:

  • DAC: why the resource owner deciding (via ACLs) is flexible but easy to over-share
  • MAC: how labels and clearances let the system enforce access with no owner discretion
  • RBAC: assigning permissions by job-function role so access scales to thousands of users
  • ABAC: evaluating subject, object, action, and environment attributes for context-aware control
  • Risk-based access (RAdAC): adapting decisions to real-time risk, the engine behind step-up authentication
  • The underpinnings every model shares: least privilege, need-to-know, and separation of duties

The next video in the series moves into accountability, the logging and monitoring that catches an over-shared permission before it becomes an audit finding. Anchored to the (ISC)² CISSP Detailed Content Outline effective April 15, 2024.

▶ Watch next: CISSP Domain 5: Identity Lifecycle & PAM Explained https://www.youtube.com/watch?v=K1vN90JjRmA

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi


Key Topics

  • The Permission That Sank the Audit
  • DAC: When the Owner Holds the Keys
  • MAC: Labels, Clearances, No Discretion
  • RBAC: Permissions by Job Function
  • ABAC: Access by Attribute and Context
  • Risk-Based Access: Reading the Room
  • The Underpinnings Every Model Shares
  • Reading a Which-Model Question Fast