Rand,
The major difference between system-high and compartmentalized is the
authorization levels of the users. In system-high, all users are
authorized to view all the information in the system, regardless of need
to know. In compartmentalized, users are only authorized to view the
information for which they have the need to know.
A quick example: Here we have John and Bob. John has a Top Secret
clearance and works on (i.e. has a need to know for) project Guinness.
Bob also has a Top Secret clearance and works on project Bass (it's late
and I'm thirsty). John's label (refer to Doug's explanation) is
TS-Guinness and Bob's label is TS-Bass.
Now, let's create a system that contains both TS-Guinness and TS-Bass.
We'll call it the Black and Tan system (now I'm really thirsty). In a
system-high configuration, John and Bob have access to both TS-Guinness
and TS-Bass information even though they only have the need to know the
information specific to their individual projects. In a
compartmentalized system, John and Bob can only access the information
for which they have the need to know, or TS-Guinness and TS-Bass
respectively.
I hope that clears up the confusion.
Richard Thomas, CISM, CISSP
Veridyn Inc.
Rand wrote the following, On 5/16/2005 3:29 PM:
Still confuses the heck out of me.I think the terms themselves are to
blame. "System-high", "Compartmentalized" are just more terms to
comprehend, but in reality, using "Classified" or "Top Secret", etc.
will work just as well. Hence, saying someone has "system-high" status
can be put in this manner: this person has "full clearance" to all
systems... It's just semantics as far as I'm concerned. Let's hear
some more enlightening opinions from experienced CISSP's. I'm still a
grunt...
Thanx,
Rand
On 5/15/05, *Doug Landoll* <dlandoll@veridyn.com
<mailto:dlandoll@veridyn.com>> wrote:
I believe some clarification is in order. To understand these
definitions you must clearly understand security labels and levels.
This is something most all CISSP books and classes gloss over. A
short tutorial follows:
1) a security LABEL is composed of both a level and a compartment
(sometimes called category or formal need to know).
a) the level is the hierarchical part of the label. i.e., Top
Secret > Secret > Confidential > Unclassified
b) the compartment is the non-hierarchical part of the label.
i.e., "Project Alpha", "Project Beta" these are simply members of
the compartment "set" and each person is either 'read onto the
program' or not. If you have been determined to have formal need to
know for "Project Alpha" information then you are read onto that
program.
c) The security label will then look like this Level:Compartment.
ie. Top Secret - Project Alpha, Secret, etc.
[That is a rather quick overview - if you still need help look up
the terms "dominance" and "non-comparable" labels.
2) When systems are deployed with sensitive information and those
systems are accessed by personnel with or without clearances, there
is a level of risk in these systems based on the difference between
the lowest cleared user and the most sensitive information. For
example, a system with SECRET cleared users and SECRET information
(no categories) is a low risk system, wereas a system with SECRET
information and UNCLASSIFIED users is a higher risk system.
3) The US Government has names for the different levels of risk in
systems based on the difference between the lowest cleared user and
the most sensitive information. These are defined as
a) System High (everybody is cleared for everything - not even
DAC-based NTK).
b) Dedicated (everybody is cleared for all labeled information,
but DAC controls are required - think personal records)
c) Compartmented Mode (everybody is cleared to the highest LEVEL
but may not have been read onto all categories - this means that MAC-
level enforcement is required. This is a big deal since many OSs do
not have MAC-based access control).
d) Multi-level System (not everybody has been cleared to the
highest LEVEL. This also means MAC control is required but there is
a higher risk. For example, there could be SECRET users and TOP
SECRET information.)
You have mastered this concept when you clearly understand the
following:
- difference between a label and a level and a compartment
- hierarchical vs. non-hierarchical
- domination, non-comparable labels
- NTK vs. Formal NTK
Good Luck,
Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228
--- In CISSP-Discuss@yahoogroups.com
<mailto:CISSP-Discuss@yahoogroups.com>, "Dave Sims" < davesims2@c...>
wrote:
I think your definitions are slightly skewed.
Compartmentalized security is based on need to know "Regardless"
of security level. An example might be My security rating is higher
than yours, but I am not allowed access to information stored in
your compartment because I don't work on that project, or need to
know about it.
Using need to know in system-high is somewhat confusing. System-
high mode is more a certification of the system, than the user.
This is another definition I Googled for you.
system high mode: [An] information system (IS) security mode of
operation wherein each user, with direct or indirect access to the
information system (IS), its peripherals, remote terminals, or
remote hosts, has all of the following: (a) valid security clearance
for all information within an IS; (b) formal access approval and
signed nondisclosure agreements for all the information stored
and/or processed (including all compartments, subcompartments and/or
special access programs); and (c) valid need-to-know for some of the
information contained within the IS. [INFOSEC-99]
Meaning to me that the system meets System-high parameters, and
you could still have compartmentalized security. I am not
absolutely certain on this and would welcome some more guidance from
someone else on the list.
Thanks
Dave
------------------------------------------------------------------------
*Yahoo! Groups Links*
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
--
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
------------------------------------------------------------------------
*Yahoo! Groups Links*
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
--
Richard Thomas
Senior Security Consultant
Veridyn
(512) 310-2228
(512) 924-4593
rthomas@veridyn.com
www.veridyn.com
