This paper views the Reference Monitor in a new framework that makes i
t possible to generalize from passive to active monitors. It describes
a major trend in the evolution of information systems security. The c
oncepts are a practical reflection of real-world needs, expressed in a
theoretical framework The approach of employing active and passive po
licies provides a higher level of security than would otherwise be pos
sible. The passive traditional Reference Monitor that interprets secur
ity policies and permits or prohibits access requests is supplemented
by an active monitor to initiate behavior, such as taking positive act
ions to maintain integrity, taking recovery actions to restore situati
ons after failures, and regularly monitoring the system. This extensio
n to enforcement of various policies supports distributed systems arch
itectures as the appropriate model for thinking about information tech
nology (IT) security.