The next step is to resolve the following issues:
How to use the classifications and compartments to encode the labels and clearances
Which handling instructions should appear on printed output
The security administrator used a large board. Pieces of paper were marked with the words that should be in the labels, as shown in Figure 6–5. This setup graphed the relationships. The pieces could be rearranged until all the pieces fit together.
The administrator drafted the following label relationships:
The four labels are hierarchical with the label that contains REGISTERED the highest. The PUBLIC label is the lowest.
Only one label needs to be associated with group names
The list of people who are cleared to receive registered information is limited on a case by case basis. Therefore, REGISTERED does not need any group names. INTERNAL_USE_ONLY applies to all employees and people who have signed nondisclosure agreements and PUBLIC labels are for everybody. Therefore, INTERNAL_USE_ONLY and PUBLIC labels do not need further qualification. The NEED_TO_KNOW label does need to be associated with non-hierarchical words, such as NEED_TO_KNOW MARKETING or NEED_TO_KNOW ENGINEERING. The words that identify the group or department can also be included in a user's clearance, as part of establishing that user's need to know.
Each of the labels except PUBLIC requires the person who is accessing the information to have signed a nondisclosure agreement.
A phrase such as NON-DISCLOSURE AGREEMENT REQUIRED would be a good reminder that this requirement exists.
The handling instructions on banner and trailer pages should have clear wording on how to handle the information. How to handle the information is based on the classification and on any group name that can appear in the label.
Along with information on the sensitivity of the printer output, handling instructions should print that a nondisclosure agreement is required when the label requires such an agreement.