An organization is implementing a new internal system that needs to securely handle a variety of classified information. The security administrator needs to ensure that users can only access data at or below their own security level. Which type of access control model would BEST meet this requirement?