Enforce organization-defined discretionary access control policies over defined subjects and objects.