# Clark-Wilson Integrity Model

One-sentence definition: Commercial integrity model using **well-formed transactions**, **constrained data items (CDIs)**, and **separation of duties**.

## Key Facts

- Users act on CDIs only through transformation procedures (TPs) that preserve integrity.
- The IVP (Integrity Verification Procedure) validates that CDIs remain consistent.
- Enforces the access triplet user–TP–CDI; auditors verify the rules.
- Emphasizes SoD, auditing, and application controls (not just MAC/DAC).
- Ideal for financial systems and ERPs.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Pick the model with transaction controls and auditing.

**Mnemonic:** “**W**ell-formed **T**ransactions keep **C**DIs clean.”

## Mini Scenario

Q: Same person creates and approves payments—violation?

A: Breaks SoD under Clark-Wilson; requires separate TPs/roles.

## Revision Checklist

- Define CDI, TP, IVP.
- Contrast with Biba’s lattice approach.
- Identify SoD/audit importance.

## Related

[[Biba Integrity Model]] · [[Bell-LaPadula (BLP) Model]] · [[Segmentation, DMZs, and Zero Trust Architecture]] · [[Secure Design Principles (Saltzer & Schroeder)]] · [[Threat Modeling (STRIDE, Attack Surface)]] · [[Domain 3 - Index]]