This appendix contains the label_encodings file that was customized in Chapter 6, Example: Planning an Organization's Labels.
The sample file has the following four classifications:
PUBLIC
INTERNAL_USE_ONLY
NEED_TO_KNOW
REGISTERED
In this model, PUBLIC is the sensitivity label for communications across the Internet. INTERNAL_USE_ONLY is the sensitivity label for communications within the company.
The sample file defines compartments to appear only in labels that have the NEED_TO_KNOW classification. The sample file also specifies that the default word Comps is changed to the word Departments in label-builder GUIs.
NEED_TO_KNOW compartments are:
ALL_DEPARTMENTS
The ALL_DEPARTMENTS compartment word gets turned on when all defined compartment bits are on and works as a toggle in a label builder.
EXECUTIVE_MGT_GROUP
SALES
FINANCE
LEGAL
MARKETING
HUMAN_RESOURCES
ENGINEERING
MANUFACTURING
SYSTEM_ADMINISTRATION
PROJECT_TEAM
PROJECT_TEAM is hierarchically below both ENGINEERING and MARKETING. The hierarchy enables a user who is working at NEED_TO_KNOW ENGINEERING or at NEED_TO_KNOW MARKETING to read files with the NEED_TO_KNOW PROJECT_TEAM label. The user cannot write to files that have that label.
This printed version is slightly different from the delivered version.
CIPSO label warning is added.
The word ”proprietary” is removed to match the examples in this guide.
Indications of CMW labels are removed.
* ident "@(#)label_encodings.example 5.13 06/08/04 SMI" * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * * This version of the label_encodings file encodes the Sun * confidential labels that are required by Sun's * legal and information protection departments. The prefix * COMPANY is omitted from the labels for * brevity. This encodings includes some example department * names that can be used for controlling access to information * across department boundaries. Commercial sites with different * requirements can copy this file and change the definitions to suit. * This example shows how to specify labels that meet an actual * site's legal information protection requirements for * labeling email and printer output. These labels can also * be used to enforce mandatory access control checks that are * based on user clearance labels, and on labels on files * and directories. VERSION= Sun Microsystems, Inc. Example Version - 5.13 06/08/04 * WARNING: If CIPSO Tag Type 1 network labels are to be used: * * a) All CLASSIFICATIONS values must be less than or equal to 255. * b) All COMPARTMENTS bits must be less than or equal to 239. * CLASSIFICATIONS: name= PUBLIC; sname= PUBLIC; value= 1; name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4; name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5; name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6; INFORMATION LABELS: WORDS: name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW; name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW; name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW; name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW; name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW; name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW; name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW; name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW; name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW; name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW; name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS: SENSITIVITY LABELS: WORDS: name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW; name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW; name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW; name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW; name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW; name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW; name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW; name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW; name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW; name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW; name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS: CLEARANCES: WORDS: name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW; name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMG; compartments= 11; minclass= NEED_TO_KNOW; name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW; name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW; name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW; name= MARKETING; sname= MRKTG; compartments= 15 20; minclass= NEED_TO_KNOW; name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW; name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW; name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW; name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW; name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS: CHANNELS: WORDS: name= DISTRIBUTE_ONLY_TO; prefix; name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); suffix; name= EXECUTIVE_MANAGEMENT_GROUP; prefix= DISTRIBUTE_ONLY_TO; compartments= 11; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= MARKETING; prefix= DISTRIBUTE_ONLY_TO; compartments= 15 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO; compartments= 16; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO; compartments= 17 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO; compartments= 18; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO; compartments= 19; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); PRINTER BANNERS: WORDS: name= CONFIDENTIAL:; prefix; name= ALL_DEPARTMENTS; prefix= CONFIDENTIAL:; compartments= 11-20; name= EXECUTIVE_MANAGEMENT_GROUP; prefix= CONFIDENTIAL:; compartments= 11; name= SALES; prefix= CONFIDENTIAL:; compartments= 12; name= FINANCE; prefix= CONFIDENTIAL:; compartments= 13; name= LEGAL; prefix= CONFIDENTIAL:; compartments= 14; name= MARKETING; prefix= CONFIDENTIAL:; compartments= 15 20; name= HUMAN_RESOURCES; prefix= CONFIDENTIAL:; compartments= 16; name= ENGINEERING; prefix= CONFIDENTIAL:; compartments= 17 20; name= MANUFACTURING; prefix= CONFIDENTIAL:; compartments= 18; name= SYSTEM_ADMINISTRATION; prefix= CONFIDENTIAL:; compartments= 19; name= PROJECT_TEAM; prefix= CONFIDENTIAL:; compartments= 20; ACCREDITATION RANGE: classification= PUBLIC; only valid compartment combinations: PUBLIC classification= INTERNAL_USE_ONLY; only valid compartment combinations: INTERNAL classification= NEED_TO_KNOW; all compartment combinations valid; classification= REGISTERED; only valid compartment combinations: REGISTERED minimum clearance= PUBLIC; minimum sensitivity label= PUBLIC; minimum protect as classification= PUBLIC; * * Local site definitions and locally configurable options. * LOCAL DEFINITIONS: Classification Name= Classification; Compartments Name= Departments; Default User Sensitivity Label= public; Default User Clearance= public; COLOR NAMES: label= Admin_Low; color= #bdbdbd; label= PUBLIC; color= green; label= INTERNAL_USE_ONLY; color= yellow; label= NEED_TO_KNOW; color= blue; label= NEED_TO_KNOW EMG; color= #7FA9EB; label= NEED_TO_KNOW SALES; color= #87CEFF; label= NEED_TO_KNOW FINANCE; color= #00BFFF; label= NEED_TO_KNOW LEGAL; color= #7885D0; label= NEED_TO_KNOW MRKTG; color= #7A67CD; label= NEED_TO_KNOW HR; color= #7F7FFF; label= NEED_TO_KNOW ENG; color= #007FFF; label= NEED_TO_KNOW MANUFACTURING; color= #0000BF; label= NEED_TO_KNOW PROJECT_TEAM; color= #9E7FFF; label= NEED_TO_KNOW SYSADM; color= #5B85D0; label= NEED_TO_KNOW ALL; color= #4D658D; label= REGISTERED; color= red; label= Admin_High; color= #636363; * * End of local site definitions * |