A designation applied to data indicating the sensitivity of the data with respect to national security. The designation, as described by executive order 12356, is one of the following, given in increasing order of sensitivity: UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP SECRET.
A designation applied to a person, indicating the sensitivity of data to which the person is allowed access when the person has an established need to know for the data. The designation consists of one of the classification levels with the possible addition of compartments, such as A or B. "Clearance" is also called security level of a user (or person) in some contexts.
A designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. As used in this document, "compartment" has the same meaning as the word "category" in the National Computer Security Center's Trusted Computer System Evaluation Criteria, DoD 5200.28-STD. As used in this document, "compartment" refers to what the intelligence community calls compartments, subcompartments, SAPs, or SAPIs.
A standard format for a label. A human-readable sensitivity label is in canonical form if it consists of a short classification name followed by any zero or more words, with any words present appearing in the same order as they appear in the SENSITIVITY LABELS: section of the encodings. A human-readable clearance is in canonical form if it consists of a short classification name followed by any zero or more words, with any words present appearing in the same order as they appear in the CLEARANCES: section of the encodings. A human-readable information label is in canonical form if it consists of a long classification name followed by any zero or more words, with any words present appearing in the same order as they appear in the INFORMATION LABELS: section of the encodings.
As used throughout this document, a word on which mandatory access control is not directly based (i.e., users are not specifically "cleared" or "briefed into" the word), but which implies a compartment on which mandatory access control is directly based.
A word associated with only default bits. A default word appears in all labels containing the classification with which the word's default bits are associated, but can be prevented from appearing in the human-readable representation of a label with an output minimum classification.
Security level SL1 dominates security level SL2 if the classification in SL1 is greater than or equal to the classification in SL2 and all the compartments in SL2 are also contained in SL1. A sensitivity label is said to dominate an information label if the security level in the sensitivity label dominates the security level in the information label. More generally, any bit string S1 dominates bit string S2 if all of the bits on in S1 are also on in S2.
Information Label. A piece of information that accurately represents the sensitivity of the data in a subject or object. An information label consists of an information level and other required security markings (e.g., codewords and handling caveats, control and release markings), to be used for data labeling purposes. The term information label is used when referring to both the information level and markings, and the term information level is used when referring to only the level portion of the label (not including the markings).
The security level in an information label. An information level represents the actual classification and compartments of the data in a subject or object with which the level is associated. Information levels are used for data labeling, not for mandatory access control.
A compartment or marking bit in the internal representation of a label whose 0 value is associated with the presence of a word in a human-readable label and that is specified as 1 in the initial compartments or the initial markings for one or more classifications. An inverse bit is 1 in a label that does not contain any of the inverse words associated with the bit, and is therefore 1 in a label that contains no words.
A component of a human-readable label, other than a classification, whose internal representation contains at least one inverse bit. Adding an inverse word to a label either decreases or changes the sensitivity of the label, but never increases the sensitivity (i.e., changes at least one bit from 1 to 0).
Control of access to an object by a process, host, or person on the basis of the sensitivity label of the object and the sensitivity label of the process attempting access to the object.
Information, other than security level, that must be associated with data within a computer system and with human-readable output. Markings include codewords and handling caveats, control and release markings. Markings are a portion of an information label.
Any system user designated by the ISSO as a normal user. Normal users typically include at least those users that are not operators, administrators, or ISSOs. Normal users are constrained to create only sensitivity labels that appear in the accreditation range of the system.
A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc.
An independent unit of activity operating on behalf of a specific system user or on behalf of the system itself. A process can be thought of as a program in execution, but different users running the same program have different processes running the programs. Similarly, the same user running multiple different programs can have different processes running the programs, and the same user running a program more than once has different processes running the program.
Special Access Program for Intelligence. Those special access programs involving intelligence activities that fall within the statutory authority and responsibility of the Director of Central Intelligence. Within these provisions, only those programs that require, as a condition of access, the signing of a nondisclosure statement are considered to be SAPIs. SAPIs are thereby given the status of SCI compartments and subcompartments in terms of the minimum required security levels necessary for their protection.
Sensitive Compartmented Information. All information and materials requiring special Community controls indicating restricted handling within present and future Community intelligence collection programs and their end products. These special Community controls are formal systems of restricted access established to protect the sensitive aspects of intelligence sources and methods and analytical procedures of foreign intelligence programs. The term does not include Restricted Data as defined in Section II, Public Law 585, Atomic Energy Act of 1954, as amended.
A hierarchical classification and a set of nonhierarchical compartments, and any SAPs and/or SAPIs.
A piece of information that represents the sensitivity level of a subject or an object and that describes the sensitivity (e.g., classification) of the data in the subject or object. Sensitivity labels/levels are used as the basis for mandatory access control decisions. Sensitivity labels/levels, because they are used for mandatory access control, must represent the sensitivity of both the subject or object and the data in the subject or object. Therefore, sensitivity labels/levels sometimes overrepresent the sensitivity of the data itself. The information label associated with subjects and objects is generally a more accurate representation of the sensitivity of the data in the subject or object. In the intelligence community, sensitivity labels typically represent the classification, compartments, subcompartments, SAPs and/or SAPIs associated with the subject or object.
A compartment or marking bit in the internal representation of a label whose 0 value is associated with the presence of a word in a human-readable label and that is specified as 1 in the prefix associated with the word. A special inverse bit is 0 in a label that does not contain any of the special inverse words associated with the prefix that specifies the bit and is therefore 0 in a label that contains no words.
A set of sensitivity labels, denoted by a well-formed minimum sensitivity label and a well-formed maximum sensitivity label, that represents those sensitivity labels that can be processed by the system as a whole. All sensitivity labels and clearances processed by the system must be well formed, must dominate the minimum sensitivity label, and must be dominated by the maximum sensitivity label.
The subset of the system accreditation range that normal (non-authorized) users of the system can set (i.e., those sensitivity labels at which users can create subjects or objects, or to which users can change existing sensitivity labels). The user accreditation range applies only to sensitivity labels to be associated with subjects and objects and used for mandatory access control.
A word is said to be visible in a label if the presence of the word in the label does not cause the label to violate the dominance constraint on the label. The classification and compartments portion of each information label must be dominated by the associated sensitivity label, which in turn must be dominated by the associated user's clearance. If adding a word to an information label increases the sensitivity of the label such that the associated sensitivity label no longer dominates the information label, then the word is not visible in that information label.
A label that satisfies the set of well-formedness criteria specified in the encodings. These criteria include 1) the initial compartments and markings associated with each classification; 2) the minimum classification, output minimum classification, and maximum classification associated with each word; 3) the hierarchies defined by the bit patterns chosen for each word; 4) the required combinations of words; and 5) the combination constraints that apply to the words.