Commercial application requires protection of integrity policy. Biba model provides a simple multi-level integrity access control scheme but it needs the introduction of trusted subject to ensure the usability. Clark-Wilson model provides a complete integrity protection by means of controlled state transaction, but its entire implementation is hindered by its complication. This paper proposes a model that enforces Biba strict integrity policy as basic access control mechanism, at the same time enforces Biba low-water-mark policy on trusted subjects according to the state in their lifecycle. Clark-Wilson model is used to control and audit subject’s state transition and run time adjustment of low-water-mark policy parameters. This paper solves the usability problem introduced by Biba policies and high configuration burden and runtime overload introduced by massive supervising task of Clark-Wilson, while at the same time borrows their merits. This policy composition scheme is proved to be applicable and secure.