The classifications and compartments in sensitivity labels and user clearances are used in mandatory access control (MAC). Therefore, the legal department's hierarchical labels and the group names need to be encoded as classifications and compartments so that they can be used in the labels that control which individual employees can access files and do other work.
SecCompany, Inc. defines a sensitivity label with the PUBLIC classification, which is assigned the lowest value in the User Accreditation Range, and another sensitivity label with the INTERNAL_USE_ONLY classification with the next highest value above PUBLIC.
Works only in a PUBLIC workspace.
Creates files only at PUBLIC.
Reads email only at PUBLIC.
Uses printers that have PUBLIC in their label range.
In contrast, an employee with no authorizations whose clearance is INTERNAL_USE_ONLY is able to use the system as follows:
Works in either a PUBLIC or an INTERNAL_USE_ONLY workspace.
Creates files at either PUBLIC or INTERNAL_USE_ONLY, depending on the employee's current workspace.
Receives and sends email at either sensitivity label.
Can print a file that is labeled PUBLIC on any printer with PUBLIC in its label range. Can send a file labeled INTERNAL_USE_ONLY to any printer with INTERNAL_USE_ONLY in its label range.
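The two employee profiles above can be modelled as label dominance checks. The following is an added example, not code from the original page or from any labeling product: the numeric classification values, the function names, and the representation of a printer's label range as a low/high pair are assumptions made for illustration, and only the ordering of PUBLIC below INTERNAL_USE_ONLY comes from the text.

```python
from dataclasses import dataclass

# Constructed values: the text only states that PUBLIC is the lowest
# classification and INTERNAL_USE_ONLY is the next one above it.
CLASSIFICATIONS = {"PUBLIC": 1, "INTERNAL_USE_ONLY": 2}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: frozenset = frozenset()  # group names encoded as compartments

    def dominates(self, other):
        """True when this label's classification is at least as high as
        other's and its compartments include all of other's."""
        return (CLASSIFICATIONS[self.classification]
                >= CLASSIFICATIONS[other.classification]
                and self.compartments >= other.compartments)


PUBLIC = Label("PUBLIC")
INTERNAL = Label("INTERNAL_USE_ONLY")
ALL_LABELS = [PUBLIC, INTERNAL]


def workspaces(clearance):
    """Labels at which an employee with no authorizations may work,
    create files, and handle email: every label the clearance dominates."""
    return [l.classification for l in ALL_LABELS if clearance.dominates(l)]


def in_range(label, low, high):
    """True when label lies inside the range bounded by low and high."""
    return high.dominates(label) and label.dominates(low)


def can_print(clearance, file_label, printer_low, printer_high):
    """The employee must be able to work at the file's label, and that
    label must fall inside the printer's label range."""
    return (clearance.dominates(file_label)
            and in_range(file_label, printer_low, printer_high))


if __name__ == "__main__":
    print("PUBLIC clearance:", workspaces(PUBLIC))
    print("INTERNAL_USE_ONLY clearance:", workspaces(INTERNAL))
    # A printer whose range is PUBLIC only rejects an INTERNAL_USE_ONLY file.
    print(can_print(INTERNAL, INTERNAL, PUBLIC, PUBLIC))
```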