One of the features that the Criteria requires of a secure system is the enforcement of discretionary access control (DAC). DAC is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a user or process given discretionary access to information is capable of passing that information along to another subject. This guide discusses issues in designing, implementing and evaluating DAC mechanisms. Its primary purpose is to provide guidance to manufacturers on how to select and build effective DAC mechanisms. Any examples of DAC mechanisms in this document are not to be construed as the only implementations that will satisfy the Criteria requirement; they are merely suggestions of appropriate implementations. The Criteria is the only metric against which systems are to be evaluated. In addition to showing examples of DAC mechanisms, this guide will restate and elaborate on the Criteria requirements for DAC. This guide is part of an ongoing program to augment the Criteria on the issues and features it addresses.
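The sense in which these controls are discretionary, shown as an added example that is not part of the guide or the Criteria: a toy access control list model in which a subject who can read an object passes its contents to a subject the owner never authorized. The `DacStore` class, the subject and group names, and the sample data are all constructed for illustration.

```python
class AccessDenied(Exception):
    pass


class DacStore:
    """Toy object store: each object has an owner and an ACL (constructed model)."""

    def __init__(self, groups):
        self.groups = groups   # group name -> set of member subjects
        self.objects = {}      # object name -> {"owner", "data", "acl"}

    def create(self, subject, name, data):
        # The creator becomes the owner and starts with full access.
        self.objects[name] = {"owner": subject, "data": data,
                              "acl": {subject: {"read", "write"}}}

    def grant(self, subject, name, grantee, mode):
        # Discretionary: the owner alone decides who else gets access.
        if self.objects[name]["owner"] != subject:
            raise AccessDenied(f"{subject} does not own {name}")
        self.objects[name]["acl"].setdefault(grantee, set()).add(mode)

    def allowed(self, subject, name, mode):
        # Access follows from the subject's identity or a group it belongs to.
        acl = self.objects[name]["acl"]
        names = {subject} | {g for g, members in self.groups.items() if subject in members}
        return any(mode in acl.get(n, set()) for n in names)

    def read(self, subject, name):
        if not self.allowed(subject, name, "read"):
            raise AccessDenied(f"{subject} may not read {name}")
        return self.objects[name]["data"]


def demo():
    store = DacStore(groups={"finance": {"bob"}})
    store.create("alice", "report", "Q3 figures")
    store.grant("alice", "report", "finance", "read")  # bob reads via his group
    try:
        store.read("carol", "report")
        carol_direct = True
    except AccessDenied:
        carol_direct = False
    # bob copies what he may read into an object he owns, then shares it.
    store.create("bob", "report-copy", store.read("bob", "report"))
    store.grant("bob", "report-copy", "carol", "read")
    return carol_direct, store.read("carol", "report-copy"), store.allowed("carol", "report", "read")


if __name__ == "__main__":
    print(demo())
```

The ACL on `report` never changes and still denies `carol`, yet she obtains its contents: the mechanism restricts access to objects, not the onward flow of the information they hold.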