The security administrator should design the distributed system based on the site's security policy. The security policy dictates configuration decisions regarding such things as:
How much auditing will be done for all users in the system and for which classes of events
How much auditing will be done for users in roles and for which classes of events
How audit data will be managed, archived, and reviewed
Which labels will be used in the system and whether the ADMIN_LOW and ADMIN_HIGH labels will viewable by ordinary users
Which user clearances will be assigned to individuals
Which devices (if any) will be allocatable by which normal users
Which label ranges are defined for machines, printers, and other devices
Whether the Trusted Solaris system will be used in an evaluated configuration or in an extended configuration.