Nowadays, information systems cover all-important aspects of people's life, and computer applications are vastly used in widespread fields from medicine to military sector. Because of considerable dependence on computer-based systems, the security of the information saved in these systems is of great concern, and therefore, the complexity of data protection and availability of many modern systems are increasing. Access control is considered as the core of information security and the center of data protection and availability of needs. In the organizations, whose operations require the share of digital resources with different degrees of sensitivity, such an access control is crucially required. Considering the diverse structure, requirements, and specifications of an organization, and taking into account that access control policies and models are available in diverse forms, it is required to select and implement an appropriate access control model consistent with the security requirements of the related organization in order to achieve the best results and minimum access risks and threats. In this paper, the main and most important criteria in the different access control models are evaluated and finally, the most appropriate model is introduced for implementation based on the security policies and requirements of organizations and the specifications of each access control model.