Differences Between Single-label and Installed Label Encodings Files

The label_encodings.single file that is installed by default is almost identical to the multilabel version label_encodings.multi. The only differences are in the settings in the ACCREDITATION RANGE section, which defines which of the classifications and compartments are usable by ordinary users.

Multiple Sensitivity Labels Version

The ACCREDITATION RANGE settings in the default label_encodings file are shown in the following example.

Example B-1 ACCREDITATION RANGE Settings in the Default Multilabel Encodings File

ACCREDITATION RANGE: 
classification= u;   all compartment combinations valid;
classification= c;   all compartment combinations valid;
classification= s;   all compartment combinations valid;
classification= ts;   all compartment combinations valid;

minimum clearance= c; 
minimum sensitivity label= u; 
minimum protect as classification= u;

To allow the site to use all the classifications and compartment words defined elsewhere in the label_encodings.multi file, the following are defined in the ACCREDITATION RANGE section:

• UNCLASSIFIED, CLASSIFIED, SECRET, and TOP SECRET are defined with all compartment combinations valid

• CLASSIFIED is defined as the minimum clearance,

• UNCLASSIFIED is defined as the minimum sensitivity label, and

• UNCLASSIFIED is defined as the minimum protect as classification.

  (The minimum protect as classification is explained under "Specifying the Protect As Classification" in Chapter 3, Specifying Labels and Handling Guidelines for Printer Output.)

Single Sensitivity Label Version

This section describes the ACCREDITATION RANGE settings in the default label_encodings.single file, as shown in the following example.

Example B-2 ACCREDITATION RANGE Settings in the Default Single-label Encodings File

ACCREDITATION RANGE:  classification= s;
only valid compartment combinations:  s a b rel cntry1
minimum clearance= s Able Baker NATIONALITY: CNTRY1;
minimum sensitivity label= s A B REL CNTRY1;
minimum protect as classification= s;

The label_encodings.single file restricts the user ACCREDITATION RANGE in the ACCREDITATION RANGE section:

• SECRET defined as the only classification,

• SECRET A B REL CNTRY1 defined as the only valid compartment combination,

• SECRET ABLE BAKER NATIONALITY: CNTRY1 defined as the minimum clearance,

• SECRET A B REL CNTRY1 defined as the minimum sensitivity label, and

• SECRET defined as the minimum protect as classification

An easy way to run with a single sensitivity label is to change only the ACCREDITATION RANGE section in the label_encodings.single file. Alternately, you can create an encodings file from scratch with only one classification and with either no compartments or with only the compartments you need. See "To Replace the Single Label in the Default Single-Label Encodings File" for guidelines for both approaches.