An ACP specifies the conditions in which particular Security Services and mechanisms are used to provide access control. These security services and mechanisms include, but are not limited to, Access control lists; Capabilities; and Security labeling. Access privileges granted by one security domain authority are not valid within another security domain unless they have been given in the form of a proxy which originated in the other security domain. There may be other Access Control information defined by an Access Control Policy. This information is outside the scope of this Specification. source: ITU-T X.741 domain: Security acronyms: ACP usage

a policy whose enforcement can (hopefully) be accomplished using the protection-based security features of a system

a set of rules defining the protection of resources, generally in terms of the capabilities of persons or other entities accessing those resources

Specifies which users are or are not entitled to an application's services.