The install team makes a printed copy and an on-line copy of the installed label_encodings(4) file in case of problems with the new version of the file supplied by the Security Administrator role.
The Security Administrator role uses any text editor to create the label_encodings(4) file, and then uses the Check Encodings action to check the file. If the file passes Check Encodings, the action offers the option of installing the new version. When the Security Administrator role answers Yes, Check Encodings overwrites the current version of the label_encodings file. Before overwriting the existing file, the Check Encodings action creates a backup version of it, named label_encodings.orig.
The encodings for Solar Systems, Inc. are shown in User Type font in the screen examples.
The following example shows the VERSION string modified with the name of the company, a title, version number, and date.

    VERSION= Solar Systems, Inc. Example Version - 2.2 00/04/18

The following example shows Solar Systems' classifications and values from Table 5-2, Table 5-3 and Table 5-4 added to the CLASSIFICATIONS section.

    CLASSIFICATIONS:
    name= PUBLIC; sname= PUBLIC; value= 1;
    name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
    name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
    name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;

A classification cannot contain the slash (/) or comma (,) characters. The classifications are specified from the lowest value to the highest.
The compartments in Table 5-3 are encoded in the SENSITIVITY LABELS: WORDS: example shown below.
This example does not have any required combinations or combination constraints.

    SENSITIVITY LABELS:
    WORDS:
    name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
    name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW;
    name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW;
    name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW;
    name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW;
    name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
    name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW;
    name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW;
    name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW;
    name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW;
    name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW;
    REQUIRED COMBINATIONS:
    COMBINATION CONSTRAINTS:

Even though information labels are not used, values must be supplied under the INFORMATION LABELS: WORDS: section for the file to pass the encodings check. The Security Administrator role copies the words from the SENSITIVITY LABELS: WORDS: section, as shown in the following example.

    INFORMATION LABELS:
    WORDS:
    name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW;
    name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW;
    name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW;
    name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW;
    name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
    name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW;
    name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW;
    name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW;
    name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW;
    name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
    name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW;
    name= DO_NOT_FORWARD; sname= NO_FORWD; minclass= INTERNAL; markings= 0; access related;
    name= RELEASE_AFTER_BETA; sname= AFTER_BETA; minclass= NEED_TO_KNOW; markings= ~0 1 ~2; access related;
    name= RELEASE_AFTER_FCS; sname= AFTER_FCS; minclass= NEED_TO_KNOW; markings= ~0 ~1 2; access related;
    REQUIRED COMBINATIONS:
    COMBINATION CONSTRAINTS:

Because the clearance words are the same as the sensitivity label words, the words in the following example are the same as those in Example 5-4.

    CLEARANCES:
    WORDS:
    name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
    name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW;
    name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW;
    name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW;
    name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW;
    name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
    name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW;
    name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW;
    name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW;
    name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW;
    name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW;
    REQUIRED COMBINATIONS:
    COMBINATION CONSTRAINTS:

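
A pre-check for two rules stated above (a classification contains no slash or comma and the classifications run from lowest value to highest; the clearance words match the sensitivity label words), added here as a Python example that is not part of the original guide and is not the Check Encodings action. The sample text is constructed and abridged from this page's examples; the function names parse and check and the one-entry-per-line layout are assumptions of this example.

```python
import re
# Constructed sample, abridged from this page's examples (one header or entry per line).
SAMPLE = """\
CLASSIFICATIONS:
name= PUBLIC; sname= PUBLIC; value= 1;
name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
SENSITIVITY LABELS:
WORDS:
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
CLEARANCES:
WORDS:
name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
"""

def parse(text):
    """Return {section: [entry, ...]}; each name= keyword starts a new entry."""
    sections, current = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):        # blank line or comment
            continue
        if line.endswith(":") and "=" not in line:  # header; WORDS: stays in its section
            current = current if line == "WORDS:" else sections.setdefault(line[:-1], [])
            continue
        for key, val in re.findall(r"(\w+)=\s*([^;]*);", line):
            if key == "name":
                current.append({})
            if current:
                current[-1][key] = val.strip()
    return sections

def check(text):
    """Return the problems found in the classifications and word sections."""
    s, problems, known, prev, words = parse(text), [], set(), None, []
    for c in s.get("CLASSIFICATIONS", []):
        names = [c[k] for k in ("name", "sname", "aname") if k in c]
        known.update(names)
        problems += [f"classification {v!r} contains '/' or ','" for v in names if "/" in v or "," in v]
        if prev is not None and int(c["value"]) < prev:
            problems.append(f"classification {c['name']} is out of order")
        prev = int(c["value"])
    for sec in ("SENSITIVITY LABELS", "CLEARANCES"):
        entries = s.get(sec, [])
        words.append({(w["name"], w.get("sname"), w.get("compartments")) for w in entries})
        problems += [f"{sec}: {w['name']} has unknown minclass {w['minclass']}"
                     for w in entries if "minclass" in w and w["minclass"] not in known]
    problems += [f"word differs between sections: {w[0]}"
                 for w in sorted(words[0] ^ words[1], key=str)]
    return problems
```

On the sample, check(SAMPLE) reports EXECUTIVE_MANAGEMENT_GROUP and EXECUTIVE_MGMNT_GROUP, the one word whose long name is spelled differently in the two WORDS sections printed on this page.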
This example is encoded with one channel for each group name compartment, using the same compartment bits assigned to the compartment words in the SENSITIVITY LABELS: WORDS: section. The prefix is defined as DISTRIBUTE ONLY TO. The suffix is defined as (NON-DISCLOSURE AGREEMENT REQUIRED).

    DISTRIBUTE ONLY TO GROUP_NAME (NON-DISCLOSURE AGREEMENT REQUIRED)

The channel specifications shown in the following example will create the desired wording in the handling caveats section.
The prefixes and suffixes are defined at the top of the section as shown in the following example, and they have no compartments assigned to them. They are used in defining the channels; each channel has a prefix and suffix assigned to it.

    CHANNELS:
    WORDS:
    name= DISTRIBUTE_ONLY_TO; prefix;
    name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); suffix;
    name= EXECUTIVE_MANAGEMENT_GROUP; prefix= DISTRIBUTE_ONLY_TO; compartments= 11; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= MARKETING; prefix= DISTRIBUTE_ONLY_TO; compartments= 15 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO; compartments= 16; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO; compartments= 17 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO; compartments= 18; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO; compartments= 19; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
    name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);

The term printer banners has a specialized meaning in the label_encodings(4) file, and it does not refer to the banner page that is printed before a job. A printer banner appears as a string on the printer banner page when the compartment associated with it appears in a job's label.
The printer banner specifications shown in the following example will create the desired wording in the PRINTER BANNERS section.
Any prefixes are defined at the top of the section as shown in the following example, and they have no compartments assigned to them. They are used in defining the PRINTER BANNERS; each printer banner has a prefix assigned to it.

    PRINTER BANNERS:
    WORDS:
    name= COMPANY PROPRIETARY/CONFIDENTIAL:; prefix;
    name= ALL_DEPARTMENTS; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 11-20;
    name= EXECUTIVE_MANAGEMENT_GROUP; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 11;
    name= SALES; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 12;
    name= FINANCE; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 13;
    name= LEGAL; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 14;
    name= MARKETING; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 15 20;
    name= HUMAN_RESOURCES; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 16;
    name= ENGINEERING; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 17 20;
    name= MANUFACTURING; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 18;
    name= SYSTEM_ADMINISTRATION; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 19;
    name= PROJECT_TEAM; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 20;

The combination constraints from Table 5-3 and the minimum clearance, minimum sensitivity label, and minimum protect as classification from Table 5-8 are encoded in the ACCREDITATION RANGE: section shown in the following example. PUBLIC and INTERNAL_USE_ONLY are defined so that these two classifications can never appear in a label with any compartment. NEED_TO_KNOW is defined so that it can appear in a label with any combination of compartments, and REGISTERED so that it appears with no compartments.

    ACCREDITATION RANGE:
    classification= PUBLIC; only valid compartment combinations:
    PUBLIC
    classification= INTERNAL_USE_ONLY; only valid compartment combinations:
    INTERNAL
    classification= NEED_TO_KNOW; all compartment combinations valid;
    classification= REGISTERED; only valid compartment combinations:
    REGISTERED
    minimum clearance= PUBLIC;
    minimum sensitivity label= PUBLIC;
    minimum protect as classification= PUBLIC;

The following example shows that none of the default values are changed at Solar Systems, Inc. for the default and forced flags, and Default Label View in the LOCAL DEFINITIONS section.

    LOCAL DEFINITIONS:
    default flags= 0x0;
    forced flags= 0x0;
    Default Label View is External;

The default settings for heading names used in label builders are shown in the following example.

    Classification Name= Class;
    Compartments Name= Comps;

Label builders are displayed whenever you need to set a label. For example, the following figure shows a label builder with the heading names specified at the Solar Systems company: Classification instead of Class, and Departments instead of Comps.
The following example shows the modifications the Solar Systems Security Administrator role made to change the default values set for the Classification Name, Compartments Name, and Markings Name.

    Classification Name= Classification;
    Compartments Name= Departments;

The color names used in Example 5-13 were taken from the worksheet in Table 5-9.

    COLOR NAMES:
    label= Admin_Low; color= #bdbdbd;
    label= PUBLIC; color= green;
    label= INTERNAL_USE_ONLY; color= yellow;
    label= NEED_TO_KNOW; color= blue;
    label= NEED_TO_KNOW EMG; color= #7FA9EB;
    label= NEED_TO_KNOW SALES; color= #87CEFF;
    label= NEED_TO_KNOW FINANCE; color= #00BFFF;
    label= NEED_TO_KNOW LEGAL; color= #7885D0;
    label= NEED_TO_KNOW MRKTG; color= #7A67CD;
    label= NEED_TO_KNOW HR; color= #7F7FFF;
    label= NEED_TO_KNOW ENG; color= #007FFF;
    label= NEED_TO_KNOW MANUFACTURING; color= #0000BF;
    label= NEED_TO_KNOW PROJECT_TEAM; color= #9E7FFF;
    label= NEED_TO_KNOW SYSADM; color= #5B85D0;
    label= NEED_TO_KNOW ALL; color= #4D658D;
    label= REGISTERED; color= red;
    label= Admin_High; color= #636363;
    *
    * End of local site definitions