JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Label Administration     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Labels in Trusted Extensions (Overview)

2.  Planning Labels in Trusted Extensions (Tasks)

3.  Creating a Label Encodings File (Tasks)

4.  Labeling Printer Output (Tasks)

5.  Customizing the LOCAL DEFINITIONS Section (Tasks)

6.  Planning an Organization's Encodings File (Example)

Identifying the Site's Label Requirements

Satisfying Information Protection Goals

Trusted Extensions Features That Address Labeling and Access

Climbing the Security Learning Curve

Analyzing the Requirements for Each Label

Requirements for CONFIDENTIAL: INTERNAL_USE_ONLY

Requirements for CONFIDENTIAL: NEED_TO_KNOW

Requirements for CONFIDENTIAL: REGISTERED

Names of Groups With NEED_TO_KNOW Label

Understanding the Set of Labels

Defining the Set of Labels

Planning the Classifications

Planning the Compartments

Planning the Use of Words in MAC

Planning the Use of Words in Labeling System Output

Planning Unlabeled Printer Output

Planning for Supporting Procedures

Rules for Protecting a REGISTERED File or Directory

Rules for Configuring Printers

Rules for Handling Printer Output

Planning the Classification Values in a Worksheet

Planning the Compartment Values and Combination Constraints in a Worksheet

Planning the Clearances in a Worksheet

Planning the Printer Banners in a Worksheet

Planning the Channels in a Worksheet

Planning the Minimum Labels in an Accreditation Range

Planning the Colors in a Worksheet

Editing and Installing the label_encodings File

Specifying the Version

Specifying the Classifications

Specifying the Sensitivity Labels

Specifying the Information Labels

Specifying the Clearances

Specifying the Channels

Specifying the Printer Banners

Specifying the Accreditation Range

Specifying the Local Definitions

Specifying the Default User Labels

Specifying the Color Names

Configuring Users and Printers for Labels

A.  Encodings File for SecCompany (Example)

Index

Analyzing the Requirements for Each Label

The security administrator agrees that the set of labels that are mandated by the legal department is a useful starting point. However, further analysis is needed before the labels can be encoded.

Requirements for CONFIDENTIAL: INTERNAL_USE_ONLY

The CONFIDENTIAL: INTERNAL_USE_ONLY label is for information that is proprietary to the company but can be distributed to all employees because of its low level of sensitivity. All employees have signed nondisclosure agreements before starting employment. Information with this label might also be distributed to other people. For example, the employees of vendors and contractors who have signed a nondisclosure agreement can receive the information. Because the Internet can be snooped, information with this label cannot be sent over the Internet. However, the information can be sent over email within the company.

Suitable use of the CONFIDENTIAL: INTERNAL_USE_ONLY label includes the following:

Requirements for CONFIDENTIAL: NEED_TO_KNOW

The CONFIDENTIAL: NEED_TO_KNOW label is for information that is proprietary to the company, has a higher level of sensitivity than INTERNAL_USE_ONLY, and has a more limited audience. Distribution is limited to employees who need to know the information. Other people who need to know the information and who have signed nondisclosure agreements might also be in the audience.

For example, if only the group of people working on a particular project should view certain information, then NEED_TO_KNOW should be used on that information. Whenever information must be restricted to a particular group, the name of the group needs to be specified on the paper version of the information.

Including the name of a group in the CONFIDENTIAL: NEED_TO_KNOW label makes it clear that the information must not be given to anyone outside of the group. Information with this label cannot be sent over the Internet, but it can be sent over email within the company.

Suitable use of the NEED_TO_KNOW label includes the following:

Requirements for CONFIDENTIAL: REGISTERED

The CONFIDENTIAL: REGISTERED label is for information that is proprietary to the company, has a very high level of sensitivity, and could significantly harm the company if released. Registered information must be numbered and tracked by the owner. Each copy must be assigned to a specific person. The copy must be returned to the owner for destruction after being read. Copies can be made only by the owner of the information. Use of brownish-red paper is recommended because this color cannot be copied.

This label is used when only one specific group of people is allowed to view the proprietary information. This information cannot be shown to anyone who is not authorized by the owner. The information cannot be shown to employees of other companies who have not signed a nondisclosure agreement, even if the owner authorizes the disclosure. Information with this label cannot be sent through email.

Suitable use of the CONFIDENTIAL: REGISTERED label includes the following:

Names of Groups With NEED_TO_KNOW Label

The security administrator decides that the NEED_TO_KNOW label will contain the names of groups or departments. The security Administrator asks for suggestions about what words to use to define groups or areas of interest within the organization. The following group names are in the initial list:

Later, the security administrator adds the Project Team group, which enables all members of the Engineering and Marketing groups to share project data.

Understanding the Set of Labels

The next step for the security administrator is to resolve how to use the classifications and compartments to encode the labels and clearances.

The next step for the security administrator is to resolve the following issues:

The security administrator uses a large board. Pieces of paper are marked with the words that will be in the labels, as shown in Figure 6-4. This setup illustrates the relationships among labels. The pieces are rearranged until they all fit together.

The administrator drafts the following label relationships:

Figure 6-4 Sample Planning Board for Label Relationships at SecCompany

image:Graphic shows a board to help administrators plan label assignments.