Sensitivity Labels and Clearances

A label has the following two components:

• Classification, also referred to as a level

  This component indicates a hierarchical level of security. When applied to people, the classification represents a measure of trust. When applied to data, a classification is the degree of protection that is required.

  In the U.S. Government, the classifications are TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED. Industry classifications are not as standardized. Unique classifications can be established by a company. For an example, see Figure 1–3. The terms on the left are classifications. The terms on the right are compartments.

• Compartments, also referred to as categories

  A compartment represents a grouping, such as a work group, department, project, or topic. A classification does not have to have a compartment. In Figure 1–3, the Confidential classification has three exclusive compartments. Public and Max Label have no compartments. As the figure shows, five labels are defined by this organization.

Trusted Extensions maintains two types of labels: sensitivity labels and clearances. A user can be cleared to work at one or more sensitivity labels. A special label, known as the user clearance, determines the highest label at which a user is permitted to work. In addition, each user has a minimum sensitivity label. This label is used by default during login to a multilevel desktop session. After login, the user can choose to work at other labels within this range. A user could be assigned Public as the minimum sensitivity label and Confidential: Need to Know as the clearance. At first login, the desktop workspaces are at the label Public. During the session, the user can create workspaces at Confidential: Internal Use Only and Confidential: Need to Know.

Figure 1–3 Typical Industry Sensitivity Labels

All subjects and objects have labels on a system that is configured with Trusted Extensions. A subject is an active entity, usually a process. The process causes information to flow among objects or changes the system state. An object is a passive entity that contains or receives data, such as a data file, directory, printer, or other device. In some cases, a process can be an object, such as when you use the kill command on a process.

Labels can be displayed in window title bars and in the trusted stripe, which is a special stripe on the screen. Labels can be hidden. Label visibility depends on how the administrator configured the system. Figure 1–4 shows a typical multilevel Trusted Extensions session on a system that is configured to display labels. The labels and trusted stripe are indicated.

Figure 1–4 Typical Trusted CDE Session