The Compartmented Mode Workstation (CMW) Evaluation Criteria, Version 1 [DDS-2600-6243-91] defines minimum security requirements for workstations to be accredited in the Compartmented Mode under the policy set forth in Defense Intelligence Agency Manual 50-4 [DIAM 50-4]. Because of the number of CMWs needed throughout the intelligence community and the need for interoperability among the CMWs, standard encodings of security labels are necessary.
Defining encodings for security labels is a three-step process. First, the set of human-readable labels to be represented must be identified and understood. The definition of this set includes the list of classifications and other words used in the human-readable labels, relations between and among the words, classification restrictions associated with use of each word, and intended use of the words in mandatory access control and labeling system output. Next, this definition is associated with an internal format of integers, bit patterns, and logical relationship statements. Finally, a CMW system file is created to store the encodings. This document emphasizes the second and third steps, and assumes that the first has already been performed.
The encodings are used by a CMW to control the conversion of human-readable labels into the internal format used by the CMW, the conversion from the internal format to a human-readable canonical form, and the construction of banner pages for printed output. Furthermore, though not used directly by the CMW in combining information labels, the encodings values are critical in adjudicating the combinations of different information label components. Encodings must be provided for 1) classifications; 2) other words in information labels, sensitivity labels, clearances, handling channels, and printer banners; and 3) the system and user accreditation ranges and related values.
A companion document, Compartmented Mode Workstation (CMW) Labeling: Source Code and User Interface Guidelines [DDS-2600-6215-91], describes the standard software that operates on the encodings described in this document.