Maria's organization employs an access control system that evaluates the security readiness of a device before granting network access. The system checks whether the device is fully patched, if the latest antimalware scans are clean, and if the firewall is active. If there are potential issues that may indicate a compromise, she is not permitted to connect and must contact support. What type of access control scheme best describes this type of process?

Risk-based access control models risk using information that is available when the access request is created. Information about the request and the risk it may create is calculated based on risk values and compared to access policies. If the risk value is acceptable, access is granted. One of the most common examples of this in organizations is NAC, or network access control, where a system is profiled to determine security risk and compliance before admission to a network. This can be seen as a more specific example of rule-based access control. Role-based access control bases its decisions on the roles of the individuals, whereas mandatory access control is enforced by the operating system.