| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris Trusted Extensions Label Administration |
1. Labels in Trusted Extensions Software
3. Making a Label Encodings File (Tasks)
4. Labeling Printer Output (Tasks)
5. Customizing LOCAL DEFINITIONS
6. Example: Planning an Organization's Labels
A. Sample Label Encodings File
This printed version is slightly different from the delivered version.
CIPSO label warning is added.
The word ”proprietary” is removed to match the examples in this guide.
Indications of CMW labels are removed.
* ident "@(#)label_encodings.example 5.13 06/08/04 SMI"
*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
*
* This version of the label_encodings file encodes the Sun
* confidential labels that are required by Sun's
* legal and information protection departments. The prefix
* COMPANY is omitted from the labels for
* brevity. This encodings includes some example department
* names that can be used for controlling access to information
* across department boundaries. Commercial sites with different
* requirements can copy this file and change the definitions to suit.
* This example shows how to specify labels that meet an actual
* site's legal information protection requirements for
* labeling email and printer output. These labels can also
* be used to enforce mandatory access control checks that are
* based on user clearance labels, and on labels on files
* and directories.
VERSION= Sun Microsystems, Inc. Example Version - 5.13 06/08/04
* WARNING: If CIPSO Tag Type 1 network labels are to be used:
*
* a) All CLASSIFICATIONS values must be less than or equal to 255.
* b) All COMPARTMENTS bits must be less than or equal to 239.
*
CLASSIFICATIONS:
name= PUBLIC; sname= PUBLIC; value= 1;
name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;
INFORMATION LABELS:
WORDS:
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
SENSITIVITY LABELS:
WORDS:
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
CLEARANCES:
WORDS:
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
CHANNELS:
WORDS:
name= DISTRIBUTE_ONLY_TO; prefix;
name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
suffix;
name= EXECUTIVE_MANAGEMENT_GROUP;
prefix= DISTRIBUTE_ONLY_TO; compartments= 11;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= MARKETING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 15 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO;
compartments= 16;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 17 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 18;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO;
compartments= 19;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
PRINTER BANNERS:
WORDS:
name= CONFIDENTIAL:; prefix;
name= ALL_DEPARTMENTS;
prefix= CONFIDENTIAL:;
compartments= 11-20;
name= EXECUTIVE_MANAGEMENT_GROUP;
prefix= CONFIDENTIAL:;
compartments= 11;
name= SALES; prefix= CONFIDENTIAL:;
compartments= 12;
name= FINANCE; prefix= CONFIDENTIAL:;
compartments= 13;
name= LEGAL; prefix= CONFIDENTIAL:;
compartments= 14;
name= MARKETING; prefix= CONFIDENTIAL:;
compartments= 15 20;
name= HUMAN_RESOURCES;
prefix= CONFIDENTIAL:;
compartments= 16;
name= ENGINEERING;
prefix= CONFIDENTIAL:;
compartments= 17 20;
name= MANUFACTURING;
prefix= CONFIDENTIAL:;
compartments= 18;
name= SYSTEM_ADMINISTRATION;
prefix= CONFIDENTIAL:;
compartments= 19;
name= PROJECT_TEAM;
prefix= CONFIDENTIAL:;
compartments= 20;
ACCREDITATION RANGE:
classification= PUBLIC; only valid compartment combinations:
PUBLIC
classification= INTERNAL_USE_ONLY; only valid compartment combinations:
INTERNAL
classification= NEED_TO_KNOW; all compartment combinations valid;
classification= REGISTERED; only valid compartment combinations:
REGISTERED
minimum clearance= PUBLIC;
minimum sensitivity label= PUBLIC;
minimum protect as classification= PUBLIC;
*
* Local site definitions and locally configurable options.
*
LOCAL DEFINITIONS:
Classification Name= Classification;
Compartments Name= Departments;
Default User Sensitivity Label= public;
Default User Clearance= public;
COLOR NAMES:
label= Admin_Low; color= #bdbdbd;
label= PUBLIC; color= green;
label= INTERNAL_USE_ONLY; color= yellow;
label= NEED_TO_KNOW; color= blue;
label= NEED_TO_KNOW EMG; color= #7FA9EB;
label= NEED_TO_KNOW SALES; color= #87CEFF;
label= NEED_TO_KNOW FINANCE; color= #00BFFF;
label= NEED_TO_KNOW LEGAL; color= #7885D0;
label= NEED_TO_KNOW MRKTG; color= #7A67CD;
label= NEED_TO_KNOW HR; color= #7F7FFF;
label= NEED_TO_KNOW ENG; color= #007FFF;
label= NEED_TO_KNOW MANUFACTURING; color= #0000BF;
label= NEED_TO_KNOW PROJECT_TEAM; color= #9E7FFF;
label= NEED_TO_KNOW SYSADM; color= #5B85D0;
label= NEED_TO_KNOW ALL; color= #4D658D;
label= REGISTERED; color= red;
label= Admin_High; color= #636363;
*
* End of local site definitions
*
|