A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources.
NIST SP 800-82 Rev. 2