NIST defines access control as determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. The following provides implementation methods and assessment tips to help evaluate the administration, enforcement, performance, and support properties of access control systems. (Source)