Planning the Compartments

The group names will be encoded as non-hierarchical compartments. Compartments will be restricted to appear only in labels that have the NEED_TO_KNOW classification. Compartment restrictions are encoded in the ACCREDITATION RANGE section under COMBINATION CONSTRAINTS.

User clearances will control which users can create files and directories that have a group name in the label. User clearances will also control which users can create documents that have a label with more than one group name along with the NEED_TO_KNOW classification.

Previous: Planning the Classifications
Next: Planning the Use of Words in MAC