Authorization is the process of granting or denying specific permissions to an authenticated identity. CISSP candidates must understand how different models—from static Mandatory Access Control (MAC) to dynamic Attribute-Based Access Control (ABAC)—are used to protect sensitive resources and how policies are enforced through architectural points like PEP and PDP.