Compartments
A compartment is one of the optional types of words that may appear in a sensitivity label or clearance. Compartments are called categories in some other trusted systems. Compartments are also sometimes referred to as channels in government organizations.
Compartment words are assigned to bits that are not intrinsically hierarchical. Hierarchies can be established between compartment words, but the hierarchies are based on rules for including bits from one compartment word in the bits defined for another compartment word.
Examples of Compartments
A compartment word can be used in many ways. For example, it can be used to represent an area of interest, a work group, a department, a division, or a geographical area. A compartment word in a label helps identify files and the individuals that are cleared to access them. For example, a classification of NEED TO KNOW in a label can be restricted by the presence of one or more compartment words defined with department names, such as ENGINEERING or HUMAN RELATIONS or LEGAL. A file with NEED TO KNOW LEGAL would be available only to individuals who had NEED TO KNOW classification and the LEGAL compartment word in their clearances.
For another example, a government agency or an international corporation might create a compartment word for each country or continent: USA, Mexico, China, Japan, Africa. A large company might create a compartment for each division: SunSoft, SunFed, SMCC, SunConnect, JavaSoft.
How Compartment Words Are Defined
Compartment words are optionally defined in the WORDS subsection for each label type. Each compartment word is assigned to one or more bits. The following example shows the SUN FEDERAL compartment word specified with a short name (sname) of SUNFED and compartment bits 40-50.
Example 1-1 Example Compartment Definition for a Sensitivity Label
SENSITIVITY LABELS: WORDS: name= SUN FEDERAL; sname= SUNFED; compartments= 40-50; |
Along with its classification field, each label has a 256 bit compartment field. Each bit is assignable in zero or more compartment words, as shown in Table 1-3. One or more compartment bits can be assigned to each compartment word. Out of the 255 available bits, the number of compartment words that can be created is practically limitless.
Table 1-3 Bits Available for Classification and Compartment Components|
Classification Field |
Compartments Field |
|---|---|
|
15 bits/32,767 possible values/256 values limit enforced |
256 bits |
The following table can be used to keep track of comparment bit assignments.
Table 1-4 Compartment Bit Tracking Table|
|
|
|
|
|
|
|
|
|
|
| ||||||
- © 2010, Oracle Corporation and/or its affiliates