What's the difference between an access control method, security model, and security policy?

You are pretty much on the money with your understanding. My only thought is that I wouldn't necessarily class an access method as a standard, more a model which, if adhered to, gives you some rules you can implement around access.

One thing to be aware of is that although control is usually based around confidentiality, as in Bell-Lapadula, the access model may be based around integrity. I would advise a good read of the Orange Book, or for a summary, see the Biba model wikipedia entry - in this model, the key is around levels of integrity, so you prevent data being written from a lower integrity area to a higher integrity area, as that could impact the integrity in the higher area.