The SecCompany setup team for Trusted Extensions makes a printed copy and an online copy of the installed label_encodings file. The copy is used in case of problems with the new version of the file that the security administrator supplies.
The security administrator uses a text editor to create the label_encodings file and then uses the chk_encodings -a command to check the file. After the file passes all semantic and syntactic checks, the security administrator backs up the current version of the label_encodings file, and installs the new label_encodings file.
The following example shows the SecCompany VERSION string in the label_encodings file.
Example 18 SecCompany VERSION StringVERSION= SecCompany, Inc. Example Version - 2.2 10/10/20
The following example shows the SecCompany classifications and values from Figure 5, Table 5, Classifications Planner for SecCompany in the CLASSIFICATIONS section.
Example 19 SecCompany CLASSIFICATIONS SectionCLASSIFICATIONS: name= PUBLIC; sname= PUB; value= 1; name= INTERNAL_USE_ONLY; sname= IUO; aname= IUO; value= 4; name= NEED_TO_KNOW; sname= NTK; aname= NTK; value= 5; name= REGISTERED; sname= REG; aname= REG; value= 6;
The compartments from Figure 6, Table 6, Compartments and User Accreditation Range Combinations Planner for SecCompany are specified in the following example. The labels do not have any required combinations or combination constraints.
Example 20 SecCompany WORDS in the SENSITIVITY LABELS SectionSENSITIVITY LABELS: WORDS: name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW; name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMGT; compartments= 11;minclass= NEED_TO_KNOW; name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW; name= FINANCE; sname= FIN; compartments= 13; minclass= NEED_TO_KNOW; name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW; name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW; name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW; name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW; name= MANUFACTURING; sname= MFG; compartments= 18; minclass= NEED_TO_KNOW; name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW; name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS:
Even though information labels are not used, values must be supplied under the INFORMATION LABELS: WORDS: section of the label_encodings file for the file to pass the encodings check. The security administrator copies the words from the SENSITIVITY LABELS: WORDS: section. The result is shown in the following example.
Example 21 SecCompany WORDS in the INFORMATION LABELS SectionINFORMATION LABELS: WORDS: name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW; name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMGT; compartments= 11;minclass= NEED_TO_KNOW; name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW; name= FINANCE; sname= FIN; compartments= 13; minclass= NEED_TO_KNOW; name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW; name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW; name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW; name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW; name= MANUFACTURING; sname= MFG; compartments= 18; minclass= NEED_TO_KNOW; name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW; name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS
Because the clearance words are the same as the sensitivity labels words, the words in the following example are the same as the words in Specifying the Sensitivity Labels.
Example 22 SecCompany WORDS in the CLEARANCES SectionCLEARANCES: WORDS: name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW; name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMGT; compartments= 11;minclass= NEED_TO_KNOW; name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW; name= FINANCE; sname= FIN; compartments= 13; minclass= NEED_TO_KNOW; name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW; name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW; name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW; name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW; name= MANUFACTURING; sname= MFG; compartments= 18; minclass= NEED_TO_KNOW; name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW; name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS:
The security administrator specifies one channel for each group name compartment. Each channel uses the same compartment bits that are assigned to the compartment words in the SENSITIVITY LABELS: WORDS: section. The prefix is defined as DISTRIBUTE_ONLY_TO. The suffix is defined as (NON-DISCLOSURE AGREEMENT REQUIRED). The following is the proposed wording for handling instructions:
DISTRIBUTE_ONLY_TO group-name (NON-DISCLOSURE AGREEMENT REQUIRED)
The channel specifications in the following example create this wording.
CHANNELS: WORDS: name= DISTRIBUTE_ONLY_TO; prefix; name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); suffix; name= ALL_DEPARTMENTS; prefix= DISTRIBUTE_ONLY_TO; compartments= 11-20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= EXECUTIVE_MANAGEMENT_GROUP; prefix= DISTRIBUTE_ONLY_TO; compartments= 11; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= MARKETING; prefix= DISTRIBUTE_ONLY_TO; compartments= 15 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO; compartments= 16; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO; compartments= 17 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO; compartments= 18; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO; compartments= 19; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
The term printer banner has a specialized meaning in the label_encodings file. A printer banner appears as a string on the banner page of printed output when the compartment that is associated with the printer banner string is part of a job's label.
The SecCompany PRINTER BANNERS section is shown in the following example. For a sample banner page, see Typical Banner Page of a Labeled Print Job.
PRINTER BANNERS: WORDS: name= SECCOMPANY CONFIDENTIAL:; prefix; name= (NON-DISCLOSURE AGREEMENT REQUIRED); suffix; name= ALL_DEPARTMENTS; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 11-20; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= EXECUTIVE_MANAGEMENT_GROUP; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 11; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= SALES; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 12; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= FINANCE; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 13; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= LEGAL; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 14 20; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= MARKETING; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 15; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= HUMAN_RESOURCES; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 16; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= ENGINEERING; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 17 20; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= MANUFACTURING; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 18; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= SYSTEM_ADMINISTRATION; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 19; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); name= PROJECT_TEAM; prefix= SECCOMPANY CONFIDENTIAL:; compartments= 20; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED);
The ACCREDITATION RANGE: section in the following example shows the combination constraints from Figure 6, Table 6, Compartments and User Accreditation Range Combinations Planner for SecCompany, and the minimum clearance, minimum sensitivity label, and minimum "Protect As" classification from Planning the Minimum Labels in an Accreditation Range. PUBLIC, INTERNAL_USE_ONLY, and REGISTERED are defined to never appear in a label with any compartment. NEED_TO_KNOW is defined to appear in a label with any combination of compartments.
Example 25 SecCompany ACCREDITATION RANGE SectionACCREDITATION RANGE: classification= PUBLIC; only valid compartment combinations: PUB classification= INTERNAL_USE_ONLY; only valid compartment combinations: IUO classification= NEED_TO_KNOW; all compartment combinations valid; classification= REGISTERED; only valid compartment combinations: REG minimum clearance= PUB; minimum sensitivity label= PUB; minimum protect as classification= PUB;
SecCompany sets the default user labels, and customizes column headings and colors in the LOCAL DEFINITIONS section.
SecCompany enables all users to access the PUBLIC label.
Example 26 SecCompany Default User LabelsDefault User Sensitivity Label= PUB; Default User Clearance= PUB;
The security administrator used the worksheet in Figure 11, Table 11, Color Names Planner for SecCompany to complete the Color Names section.
Example 27 SecCompany COLOR NAMES SectionCOLOR NAMES: label= Admin_Low; color= #BDBDBD; label= PUBLIC; color= green; label= INTERNAL_USE_ONLY; color= yellow; label= NEED_TO_KNOW; color= blue; label= NEED_TO_KNOW EMGT; color= #7FA9EB; label= NEED_TO_KNOW SALES; color= #87CEFF; label= NEED_TO_KNOW FIN; color= #00BFFF; label= NEED_TO_KNOW LEGAL; color= #7885D0; label= NEED_TO_KNOW MKTG; color= #7A67CD; label= NEED_TO_KNOW HR; color= #7F7FFF; label= NEED_TO_KNOW ENG; color= #007FFF; label= NEED_TO_KNOW MFG; color= #0000BF; label= NEED_TO_KNOW P_TEAM; color= #9E7FFF; label= NEED_TO_KNOW SYSADM; color= #5B85D0; label= NEED_TO_KNOW ALL; color= #4D658D; label= REGISTERED; color= red; label= Admin_High; color= #636363; * * End of local site definitions