Security Encyclopedia

Access Control

Access control is a process or system that governs how and who has access to an enterprise's resources such as its physical setting, data, applications, and communication channels.

Access control has two main parts, authentication and authorization. Authentication verifies that a user says who they say they are at the time access is requested. Authorization determines if a particular user has the appropriate permissions to access or alter the data.

Access control’s purpose is to secure confidential information, and it pertains to both the physical and digital realm.

Physical access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human, through mechanical means such as locks and keys, or through dedicated access control systems such as a mantrap (aka two-way locking vestibule).

Digital access control generally refers to information security, in which general access control includes the aforementioned authentication and authorization, but also audit.


"I work for the federal government and the setting is mission-critical, so the access control systems are very stringent. In the morning we lock up our mobile phones and use CAC cards to access everything physical and digital."