Table of Contents
- Identifying the Site's Label Requirements
- Climbing the Security Learning Curve
- Analyzing the Requirements for Each Label
- Defining the Set of Labels
- Planning the Classifications
- Planning the Compartments
- Planning the Use of Words in MAC
- Planning the Use of Words in Labeling System Output
- Planning Unlabeled Printer Output
- Planning for Supporting Procedures
- Planning the Classification Values in a Worksheet
- Planning the Compartment Values and Combination Constraints in a Worksheet
- Planning the Clearances in a Worksheet
- Planning the Printer Banners in a Worksheet
- Planning the Channels in a Worksheet
- Planning the Minimums in an Accreditation Range
- Planning the Colors in a Worksheet
- Editing and Installing the
label_encodingsFile - Encoding the Version
- Encoding the Classifications
- Encoding the Sensitivity Labels
- Encoding the Information Labels
- Encoding the Clearances
- Encoding the Channels
- Encoding the Printer Banners
- Encoding the Accreditation Range
- Encoding the Local Definitions
- Encoding the Column Headers in Label Builders
- Encoding the Color Names
- Configuring Users and Printers for Labels
SecCompany, Inc. is a fictional name for the company whose label requirements are modeled in this example. To protect the corporation's intellectual property, the company's legal department mandates that employees use three labels on all sensitive email and printed materials. The three labels, from most sensitive to least sensitive are the following:
-
SecCompany Confidential: Registered -
SecCompany Confidential: Need To Know -
SecCompany Confidential: Internal Use Only
The legal department also approves the use of an optional fourth label, Public. The Public label is for information that
can be distributed to anyone without restrictions.
At SecCompany, Inc, the manager in charge of Information Protection makes use of all possible channels to communicate labeling requirements. However, some employees do not understand the requirements. Other employees forget about requirements or ignore the requirements. Even when labels are properly applied, the information is not always properly handled, stored, and distributed. For example, reports indicate that even Registered information is sometimes found unattended. Copies of Registered information have been left next to copy machines and printers, in break rooms, or in lobbies.
The legal department wants a better way to ensure that information is properly labeled without relying totally on employee compliance. The system administrators want a better way to control the following:
-
Who can see or modify sensitive information
-
Which information is printed on which printers
-
How printer output is handled
-
How email at various levels of security is distributed internally and externally
Trusted Extensions software does not leave labeling up to the discretion of computer users. All printer output from print servers that are configured with Trusted Extensions is automatically labeled according to the site's requirements.
Even though security was not yet fully understood at the company, executives knew that Trusted Extensions could implement certain features immediately.
-
Automatic labeling of print jobs
-
Printers with restricted access by label
-
Email with restricted access by label
Each print job is automatically assigned a label. The label corresponds either to the level at which the user is working or to the user's level of responsibility.
Figure 6–1 shows an employee
working at a level of INTERNAL_USE_ONLY. At this level,
the work should only be accessible by SecCompany employees and others who
have signed nondisclosure agreements. When the employee sends email to the
printer, the print job is automatically assigned the label INTERNAL_USE_ONLY.
The printer automatically prints a company-specified label at the top and bottom of each page of printed output.
Figure 6–2 shows the letter
that was sent to the printer in Figure 6–1 being
printed with the user's working label. The label, INTERNAL_USE_ONLY,
is printed at the top and bottom of every page.
Example 6.1. Handling Guidelines on Banner and Trailer Pages
This example shows the wording for a print job whose sensitivity level
has a classification of NEED_TO_KNOW and a department of HUMAN_RESOURCES. Banner and trailer pages are automatically created
for each print job and are printed with company-specific handling guidelines.
NEED_TO_KNOW HR DISTRIBUTE ONLY TO HUMAN RESOURCES (NON-DISCLOSURE AGREEMENT REQUIRED)
Printed below the sensitivity label, handling instructions provides distribution instructions for the printed material. The instructions state that the information should be distributed only to human resources personnel who need to know the information. Also, a reader must have signed a nondisclosure agreement.
Printers can be configured to print only jobs with labels within a restricted label range. For example, Figure 6–3 illustrates that the legal department's printer has been set up to print only jobs that have been assigned one of three labels:
-
NEED_TO_KNOW LEGAL– Can be viewed only by employees with a need to know within the legal department -
INTERNAL_USE_ONLY– Can be viewed only by permanent employees of the SecCompany company and customers who have signed nondisclosure agreements -
PUBLIC– Can be viewed by anyone
This printer setup excludes jobs that are sent at any other label. For
example, this printer would reject jobs at the labels NEED_TO_KNOW
MARKETING and REGISTERED.
Printers in locations that are accessible to all employees can be similarly
restricted. For example, printers can be configured to print jobs only at
the two labels that all employees can view, INTERNAL_USE_ONLY and PUBLIC.
Similar to how the printer label range controls which jobs can be printed on a particular printer, a user's account sensitivity label range limits which email the person can handle. Figure 6–4 shows email that is being labeled at the sensitivity label of the user's mail application. The email is sent to the mail application at that label.
Gateways to the Internet were set up to screen email so that emails
at inappropriate labels could not be sent outside of the company. Inappropriate
labels are any labels except PUBLIC.