Rand,
I think part of the problem you are having is keeping all the
definitions straight. The terms "Classified" or "Top Secret won't work
just as well. System High and Compartmentalized are describing how the
systems operate, where as Classified or Top Secret apply toward the
level of protection that must be afforded information.
Consider the computer system where you probably work. It most likely
operates in System High mode of operation. All the information it
processes is unclassified (I'm assuming), You have a formal access
approval and signed nondisclosure agreements for all information, but
not the need to know for all information (i.e., you don't know how much
your boss is making, and can't see his information in the accounting
department).
For Compartmented, if Secret is the highest classification processed by
the system, everyone must have a secret clearance, a formal access
approval and signed nondisclosure agreements for all information, but
you will only have access to that information which you have a need to
know.
The main difference between the two is that in System High, there may be
information that you do not have a valid need to know, but you have the
ability to gain access to it (e.g., your not working on your coworkers
project, but you have access to his information). For compartmented,
you are only given access to that information that you have that need to
know (your not working on your coworkers project, and you don't have
access to his information).
I've put the definitions and links to my sources below.
I hope this helps.
Tom
From the CNSSI INFOSEC Glossary:
Classified information: Information that has been determined pursuant to
Executive Order 12958 or any predecessor Order, or by the Atomic Energy
Act of 1954, as amended, to require protection against unauthorized
disclosure and is marked to indicate its classified status.
http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf
From the Department of Defense 8510.1-M DoD Information Technology
Security Certification and Accreditation Process (DITSCAP) Manual:
Dedicated Mode. IS security mode of operation wherein each user, with
direct or indirect access to the system, its peripherals, remote
terminals, or remote hosts, has all of the following:
* Valid security clearance for all information within the system;
* Formal access approval and signed nondisclosure agreements for
all the information stored and/or processed (including all compartments
and/or special access programs); and
* Valid need-to-know for all information contained within the IS.
When in the dedicated security mode, a system is specifically and
exclusively dedicated to and controlled for the processing of one
particular type or classification of information, either for full-time
operation or for a specified period of time.
System High Mode. IS security mode of operation wherein each user, with
direct or indirect access to the IS, its peripherals, remote terminals,
or remote hosts, has all of the following:
* Valid security clearance for all information within an IS;
* Formal access approval and signed nondisclosure agreements for
all the information stored and/or processed (including all compartments
and/or special access programs); and
* Valid need-to-know for some of the information contained within
the IS.
Compartmented Mode. INFOSEC mode of operation wherein each user with
direct or indirect access to a system, its peripherals, remote
terminals, or remote hosts has all the following:
* Valid security clearance for the most restricted information
processed in the system;
* Formal access approval and signed nondisclosure agreements for
that information which a user is to have access; and
* Valid need-to-know for information which a user is to have
access.
Multilevel Mode. INFOSEC mode of operation wherein all the following
statements are satisfied concerning the users who have direct or
indirect access to the system, its peripherals, remote terminals, or
remote hosts:
* Some users do not have a valid security clearance for all the
information processed in the IS;
* All users have the proper security clearance and appropriate
formal access approval for that information to which they have access;
and
* All users have a valid need-to-know only for information for
which they have access.
http://www.dtic.mil/whs/directives/corres/pdf/85101m_0700/p85101m.pdf
_____
From: CISSP-Discuss@yahoogroups.com
[mailto:CISSP-Discuss@yahoogroups.com] On Behalf Of Rand
Sent: Monday, May 16, 2005 4:30 PM
To: Doug Landoll
Cc: CISSP-Discuss@yahoogroups.com
Subject: Re: [CISSP-D] System-high security mode vs Compartmented
security mode
Still confuses the heck out of me.I think the terms themselves are to
blame. "System-high", "Compartmentalized" are just more terms to
comprehend, but in reality, using "Classified" or "Top Secret", etc.
will work just as well. Hence, saying someone has "system-high" status
can be put in this manner: this person has "full clearance" to all
systems... It's just semantics as far as I'm concerned. Let's hear some
more enlightening opinions from experienced CISSP's. I'm still a
grunt...
Thanx,
Rand
On 5/15/05, Doug Landoll <dlandoll@veridyn.com> wrote:
I believe some clarification is in order. To understand these
definitions you must clearly understand security labels and levels.
This is something most all CISSP books and classes gloss over. A
short tutorial follows:
1) a security LABEL is composed of both a level and a compartment
(sometimes called category or formal need to know).
a) the level is the hierarchical part of the label. i.e., Top
Secret > Secret > Confidential > Unclassified
b) the compartment is the non-hierarchical part of the label.
i.e., "Project Alpha", "Project Beta" these are simply members of
the compartment "set" and each person is either 'read onto the
program' or not. If you have been determined to have formal need to
know for "Project Alpha" information then you are read onto that
program.
c) The security label will then look like this Level:Compartment.
ie. Top Secret - Project Alpha, Secret, etc.
[That is a rather quick overview - if you still need help look up
the terms "dominance" and "non-comparable" labels.
2) When systems are deployed with sensitive information and those
systems are accessed by personnel with or without clearances, there
is a level of risk in these systems based on the difference between
the lowest cleared user and the most sensitive information. For
example, a system with SECRET cleared users and SECRET information
(no categories) is a low risk system, wereas a system with SECRET
information and UNCLASSIFIED users is a higher risk system.
3) The US Government has names for the different levels of risk in
systems based on the difference between the lowest cleared user and
the most sensitive information. These are defined as
a) System High (everybody is cleared for everything - not even
DAC-based NTK).
b) Dedicated (everybody is cleared for all labeled information,
but DAC controls are required - think personal records)
c) Compartmented Mode (everybody is cleared to the highest LEVEL
but may not have been read onto all categories - this means that MAC-
level enforcement is required. This is a big deal since many OSs do
not have MAC-based access control).
d) Multi-level System (not everybody has been cleared to the
highest LEVEL. This also means MAC control is required but there is
a higher risk. For example, there could be SECRET users and TOP
SECRET information.)
You have mastered this concept when you clearly understand the
following:
- difference between a label and a level and a compartment
- hierarchical vs. non-hierarchical
- domination, non-comparable labels
- NTK vs. Formal NTK
Good Luck,
Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228
--- In CISSP-Discuss@yahoogroups.com, "Dave Sims" < davesims2@c...>
wrote:
I think your definitions are slightly skewed.
Compartmentalized security is based on need to know "Regardless"
of security level. An example might be My security rating is higher
than yours, but I am not allowed access to information stored in
your compartment because I don't work on that project, or need to
know about it.
Using need to know in system-high is somewhat confusing. System-
high mode is more a certification of the system, than the user.
This is another definition I Googled for you.
system high mode: [An] information system (IS) security mode of
operation wherein each user, with direct or indirect access to the
information system (IS), its peripherals, remote terminals, or
remote hosts, has all of the following: (a) valid security clearance
for all information within an IS; (b) formal access approval and
signed nondisclosure agreements for all the information stored
and/or processed (including all compartments, subcompartments and/or
special access programs); and (c) valid need-to-know for some of the
information contained within the IS. [INFOSEC-99]
Meaning to me that the system meets System-high parameters, and
you could still have compartmentalized security. I am not
absolutely certain on this and would welcome some more guidance from
someone else on the list.
Thanks
Dave
_____
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/> .
--
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
_____
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/> .
