This right contains a set of other rights which are required for maintaining an information security policy. Mandatory Access Control (MAC) and Discretionary Access Control (DAC) policies can be established and maintained using this right.