In non-discretionary access control, a central authority determines what subjects can have access
to certain objects based on the organizational security policy. The access controls may be based

on:

A.
the society’s role in the organization

B.
the individual’s role in the organization

C.
the group-dynamics as they relate to the individual’s role in the organization

D.
the group-dynamics as they relate to the master-slave role in the organization

Explanation:
Non-Discretionary Access Control. A central authority determines what subjects can
have access to certain objects based on organizational security policy. The access controls may
be based on the individual’s role in the organization (role-based) or the subject’s responsibilities
and duties (task-based).
Pg. 33 Krutz: The CISSP Prep Guide.