The compact format access rule is indicated by tag '8C' in the FCP. An access rule in this format is encoded with:
The AM byte conveys two types of information:
interpretation of the AM byte itself;
number of SC bytes in the access rule.
If b8 in the AM byte is set to '0' the AM byte is followed by a number of SC bytes equal to the number of bits set to '1' in the AM byte (excluding b8). Each SC bytes codes the conditions relevant to a set of commands, in the same order (b7 to b1) as in the AM byte. When b8 is set to '1' the usage of b7 to b4 is proprietary.
When multiple sets of an AM byte and one or more corresponding SC bytes are present in the value field of the DO, tag '8C', they represent an OR condition.
The SC byte specifies which security mechanisms are necessary to conform to the access rules, see ISO/IEC 7816-4 
. The 4 most significant bits (b8 to b5) indicate the required security condition. An SE may be specified in bits b4 to b1. If an SE is specified, the mechanisms that may be defined in it for external authentication, user authentication and command protection are used, if indicated by bits b4 to b1.
If bit b8 is set to '1' all conditions in bits b7 to b5 need to be satisfied. If bit b8 is set to '0' at least one of the conditions set in bits b7 to b5 need to be satisfied. If b7 is set to '1', the CRT of the SE indicated in bits b4 to b1 describes whether secure messaging applies to the command APDU, the response APDU or both.
For EFs with the access condition ALW for READ and UPDATE the security attribute would look as follows:
For EFs with the access condition ALW for READ and NEV for all other access conditions the security attribute would look as follows:
and EF ICC the access rule would be as follows. READ is set to ALW and UPDATE, DEACTIVATE and ACTIVATE is set to ADM. The ADM condition is indicated as a user authentication. The key reference is implicitly known.