Setting Default and Inverse Words
When a bit is defined as an initial compartment, that means that the bit is on 1 in every label that contains the classification. Any bit specified for an initial compartment can be defined later in the label_encodings file so as to assign the bit to either a default word or an inverse word.
-
A default compartment word is a word that appears in any label that contains the classification.
-
An inverse compartment word is a word that appears in a label that has the associated classification when another word you define with the inverse compartment's bit is not present.
The following table summarizes the requirements for initial compartments values associated with classifications.
Table 2-5 Initial Compartments for Classifications|
Value |
Requirements |
|---|---|
|
*initial compartments= |
Specify bit numbers for any default compartment words (words that should always appear in any label that has the associated classification). ADVANCED: Also specify bit numbers for any inverse words. Recommended: set aside initial compartments for later additions of inverse words. |
The following example shows the PUBLIC classification assigned no initial compartments while the SUN FEDERAL classification is assigned initial compartments 4 and 5.
Example 2-3 Simplified Assignment of Initial Compartments
name= PUBLIC; sname= P; value= 1; name= SUN FEDERAL; sname= SUNFED; value= 4; initial compartments= 4-5 |
With the bits assigned in Example 2-3, a label that includes the PUBLIC classification has no default compartments assigned, while a label that includes the SUN FEDERAL classification always has compartment bits 4 and 5 turned on. See the example below and the following text for how these initial compartment bits can be assigned to words.
Example 2-4 Example of Defining Default and Inverse SENSITIVITY LABELS Words
SENSITIVITY LABELS: WORDS: name= DIVISION ONLY; sname= DO; minclass= SUN FEDERAL; compartments= 4-5; name= SMCC AMERICA; sname= SMCCA; minclass= SUN FEDERAL; compartments= ~4; name= SMCC WORLD; sname= SMCCW; minclass= SUN FEDERAL; compartments= ~5; |
The example above shows WORDS defined in the SENSITIVITY LABELS section of a label_encodings file. Compartment bits 4 and 5 are assigned to the word, DIVISION ONLY. Both compartment bits 4 and 5 are each also associated with an inverse word: SMCC AMERICA is assigned to the inverse compartment bit ~4 and SMCC WORLD is assigned to the inverse compartment bit ~5. As a result, a sensitivity label with the SUN FEDERAL classification initially includes the word DIVISION ONLY and its binary representation has the compartment bits 4 and 5 turned on, while a sensitivity label with the PUBLIC classification always has compartment bits 4 and 5 turned off, and as a result, the words SMCC AMERICA and SMCC WORLD are included in the label. Because a minclass of IUO is specified for the inverse words, SMCC AMERICA and SMCC WORLD are not displayed in the PUBLIC sensitivity label; the presence of these two inverse words is understood.
For any compartment or marking bits not reserved for later assignment, remember that for every initial compartment bit specified, you need to assign a word to the bit in the SENSITIVITY LABELS: WORDS:, INFORMATION LABELS: WORDS:, and COMPARTMENTS: WORDS: sections.
- © 2010, Oracle Corporation and/or its affiliates