_____ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

A.
Mandatory Access Control

B.
Authorized Access Control

C.
Role-based Access Control

D.
Discretionary Access Control

Explanation:
In computer security, mandatory access control (MAC) is a kind of access control, defined by the TCSEC as “a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.”