The security attributes that can be specified in networking templates are:
minimum label--defines the bottom of the label range for this security family. Outgoing packets to hosts in this security family cannot be below the minimum label.
maximum label--defines the top of the label range for this security family. Outgoing packets to hosts in this security family cannot be higher than the maximum label.
default label--sets the label to be applied by default to incoming packets from hosts in this security family.
default clearance--sets the clearance to be applied by default to incoming packets from hosts in this security family.
DOI--an integer that identifies the domain of interpretation, that is, the labelling scheme used by the default label and clearance for the particular host type.
IP label--identifies type of IP label: RIPSO, CIPSO, or none. If CIPSO, the /etc/system and label_encodings files must be modified to accommodate the ADMIN_HIGH label (see the "About Security Families" help card). If RIPSO, you must specify a RIPSO label for the RIPSO Send Class
allowed privileges--can be used to restrict privileges available to remote Trusted Solaris hosts. If these hosts can use any privileges, set All; if there is a limit, specify only those privileges that can be applied.
forced privileges--sets privileges to enable a remote host, typically an unlabeled host, to perform specific functions that may override security policy.
RIPSO Send Class--used by RIPSO hosts and with RIPSO IP labels only, the classification level at which datagrams sent to a host of that template are protected. The predefined Classes are Top Secret, Secret, Confidential and Classified.
RIPSO Send PAF (protection authority flag)--used by RIPSO hosts and with RIPSO IP labels only, the bit mask identifying the protection authorities on datagrams sent to a host of that template. The predefined authorities are: GENSER, SIOP-ESIm SCI, NSA, and DOE.
RIPSO Return PAF (protection authority flag)--used by RIPSO hosts and with RIPSO IP labels only, specifies the PAF portion of the RIPSO label on ICMP error messages sent back from hosts using this template.