Editing and Installing the label_encodings File

The install team makes a printed copy and an online copy of the installed label_encodings file. The copy is used in case of problems with the new version of the file that the Security Administrator role supplies.

The Security Administrator role uses a text editor to create the label_encodings file, and then uses the Check Encodings action to check the file. If the file passes Check Encodings, the action offers the option of installing the new version. When the Security Administrator role answers Yes, Check Encodings backs up the current version of the label_encodings file, and creates a new label_encodings file.

Encoding the Version

The following example shows the VERSION string that is modified with the name of the company, a title, version number, and date.

Example 6-3 SecCompany VERSION Entry

    VERSION= SecCompany, Inc. Example Version - 2.2 00/04/18

Encoding the Classifications

The following example shows the SecCompany classifications and values from Table 6-2, Table 6-3 and Table 6-4 added to the CLASSIFICATIONS section.

Example 6-4 SecCompany CLASSIFICATIONS Section

    CLASSIFICATIONS:
        name= PUBLIC; sname= PUBLIC; value= 1;
        name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
        name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
        name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;

Note - A classification cannot contain the slash (/) or comma (,) character. The classifications are specified from the lowest value to the highest.

Encoding the Sensitivity Labels

The compartments in Table 6-3 are encoded in the following example. The labels do not have any required combinations or combination constraints.

Example 6-5 SecCompany WORDS in the SENSITIVITY LABELS Section

    SENSITIVITY LABELS:
    WORDS:
        name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
        name= EXECUTIVE_MGT_GROUP; sname= EMGT; compartments= 11; minclass= NEED_TO_KNOW;
        name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW;
        name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW;
        name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW;
        name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
        name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW;
        name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW;
        name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW;
        name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW;
        name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW;
    REQUIRED COMBINATIONS:
    COMBINATION CONSTRAINTS:

Encoding the Information Labels

Even though information labels are not used, values must be supplied under the INFORMATION LABELS: WORDS: section for the file to pass the encodings check.

The Security Administrator role copies the words from the SENSITIVITY LABELS: WORDS: section, as shown in the following example.

Example 6-6 SecCompany WORDS in the INFORMATION LABELS Section

    INFORMATION LABELS:
    WORDS:
        name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
        name= EXECUTIVE_MGT_GROUP; sname= EMGT; compartments= 11; minclass= NEED_TO_KNOW;
        name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW;
        name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW;
        name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW;
        name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
        name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW;
        name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW;
        name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW;
        name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW;
        name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW;
    REQUIRED COMBINATIONS:
    COMBINATION CONSTRAINTS:

Encoding the Clearances

Because the clearance words are the same as the sensitivity labels words, the words in the following example are the same as the words in Example 6-5.

Example 6-7 SecCompany WORDS in the CLEARANCES Section

    CLEARANCES:
    WORDS:
        name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
        name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMGT; compartments= 11; minclass= NEED_TO_KNOW;
        name= SALES; sname= SALES; compartments= 12; minclass= NEED_TO_KNOW;
        name= FINANCE; sname= FINANCE; compartments= 13; minclass= NEED_TO_KNOW;
        name= LEGAL; sname= LEGAL; compartments= 14; minclass= NEED_TO_KNOW;
        name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW;
        name= HUMAN_RESOURCES; sname= HR; compartments= 16; minclass= NEED_TO_KNOW;
        name= ENGINEERING; sname= ENG; compartments= 17 20; minclass= NEED_TO_KNOW;
        name= MANUFACTURING; sname= MANUFACTURING; compartments= 18; minclass= NEED_TO_KNOW;
        name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19; minclass= NEED_TO_KNOW;
        name= PROJECT_TEAM; sname= P_TEAM; compartments= 20; minclass= NEED_TO_KNOW;
    REQUIRED COMBINATIONS:
    COMBINATION CONSTRAINTS:

Encoding the Channels

This example is encoded with one channel for each group name compartment. Each channel uses the same compartment bits that are assigned to the compartment words in the SENSITIVITY LABELS: WORDS: section. The prefix is defined as DISTRIBUTE ONLY TO. The suffix is defined as (NON-DISCLOSURE AGREEMENT REQUIRED).

    DISTRIBUTE ONLY TO group-name (NON-DISCLOSURE AGREEMENT REQUIRED)

The channel specifications in the following example create the desired wording in the handling instructions section.

Note - The prefixes and suffixes are defined at the top of the section as shown in the following example. No compartments are assigned to them. The prefixes and suffixes are used to define the channels.

Example 6-8 SecCompany WORDS in the CHANNELS Section

    CHANNELS:
    WORDS:
        name= DISTRIBUTE_ONLY_TO; prefix;
        name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED); suffix;
        name= EXECUTIVE_MANAGEMENT_GROUP; prefix= DISTRIBUTE_ONLY_TO; compartments= 11; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= MARKETING; prefix= DISTRIBUTE_ONLY_TO; compartments= 15 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO; compartments= 16; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO; compartments= 17 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO; compartments= 18; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO; compartments= 19; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
        name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20; suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);

Encoding the Printer Banners

Note - The term printer banners has a specialized meaning in the label_encodings file. A printer banner appears as a string on the printer banner page when the compartment that is associated with it appears in a job's label.

The printer banner specifications that are shown in the following example create the desired wording in the PRINTER BANNERS section. For a sample banner page, see Figure 4-2.

Note - Prefixes are defined at the top of the section, as shown in the following example. The prefixes have no assigned compartments.

Example 6-9 SecCompany WORDS in the PRINTER BANNERS Section

    PRINTER BANNERS:
    WORDS:
        name= COMPANY CONFIDENTIAL:; prefix;
        name= ALL_DEPARTMENTS; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 11-20;
        name= EXECUTIVE_MANAGEMENT_GROUP; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 11;
        name= SALES; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 12;
        name= FINANCE; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 13;
        name= LEGAL; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 14;
        name= MARKETING; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 15 20;
        name= HUMAN_RESOURCES; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 16;
        name= ENGINEERING; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 17 20;
        name= MANUFACTURING; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 18;
        name= SYSTEM_ADMINISTRATION; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 19;
        name= PROJECT_TEAM; prefix= COMPANY CONFIDENTIAL:; suffix=(NON-DISCLOSURE AGREEMENT REQUIRED); compartments= 20;

Encoding the Accreditation Range

The combination constraints from Table 6-3, and the minimum clearance, minimum sensitivity label and minimum protect as classification from Planning the Minimums in an Accreditation Range are encoded in the ACCREDITATION RANGE: section in the following example. PUBLIC and INTERNAL_USE_ONLY are defined to never appear in a label with any compartment. NEED_TO_KNOW is defined to appear in a label with any combination of compartments. REGISTERED is defined to appear with no compartments.

Example 6-10 SecCompany ACCREDITATION RANGE Section

    ACCREDITATION RANGE:
        classification= PUBLIC; only valid compartment combinations:
            PUBLIC
        classification= INTERNAL_USE_ONLY; only valid compartment combinations:
            INTERNAL
        classification= NEED_TO_KNOW; all compartment combinations valid;
        classification= REGISTERED; only valid compartment combinations:
            REGISTERED
        minimum clearance= PUBLIC;
        minimum sensitivity label= PUBLIC;
        minimum protect as classification= PUBLIC;

Encoding the Local Definitions

SecCompany, Inc. encodes site column headers and colors in the LOCAL DEFINITIONS section.

Encoding the Column Headers in Label Builders

Label builders are displayed whenever you need to set a label. The following example shows the modifications that changed the default values for the Classification Name and Compartments Name in the label builders.

Example 6-11 SecCompany Headers in label_encodings File

The following excerpt shows the modifications that changed the column headers in the label builders. The SecCompany Security Administrator role modified the compartment name.

    Classification Name= Classification;
    Compartments Name= Department;

Encoding the Color Names

The color names that are used in Example 6-12 were taken from the worksheet in Table 6-8.

Example 6-12 SecCompany COLOR NAMES Section

    COLOR NAMES:
        label= Admin_Low;       color= #bdbdbd;
        label= PUBLIC;        color= green;
        label= INTERNAL_USE_ONLY;  color= yellow;
        label= NEED_TO_KNOW;  color= blue;
        label= NEED_TO_KNOW EMGT;  color= #7FA9EB;
        label= NEED_TO_KNOW SALES;  color= #87CEFF;
        label= NEED_TO_KNOW FINANCE;  color= #00BFFF;
        label= NEED_TO_KNOW LEGAL;  color= #7885D0;
        label= NEED_TO_KNOW MKTG;  color= #7A67CD;
        label= NEED_TO_KNOW HR;  color= #7F7FFF;
        label= NEED_TO_KNOW ENG;  color= #007FFF;
        label= NEED_TO_KNOW MANUFACTURING;  color= #0000BF;
        label= NEED_TO_KNOW PROJECT_TEAM;  color= #9E7FFF;
        label= NEED_TO_KNOW SYSADM; color= #5B85D0;
        label= NEED_TO_KNOW ALL; color= #4D658D;
        label= REGISTERED;  color= red;
        label= Admin_High;      color= #636363;
    *
    * End of local site definitions
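
The page says the CLEARANCES words are the same as the SENSITIVITY LABELS words, and that each channel reuses the sensitivity label compartment bits. The following added example (not part of the original page or of Trusted Extensions, and not a replacement for Check Encodings) compares WORDS sections by name and compartment bits before a file is submitted; the function names are hypothetical and the excerpts are constructed, abridged from Examples 6-5, 6-7 and 6-8.

```python
import re

def parse_bits(spec):
    """Expand a compartments= value ('11-20' or '15 20') into a set of bit numbers."""
    bits = set()
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        bits.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(bits)

def parse_words(text):
    """Map word name -> compartment bits; prefix/suffix definitions carry no bits and are skipped."""
    words = {}
    for entry in re.split(r"(?=\bname=)", text):
        fields = {k: v.strip() for k, v in re.findall(r"(\w+)=\s*([^;]+);", entry)}
        if "name" in fields and "compartments" in fields:
            words[fields["name"]] = parse_bits(fields["compartments"])
    return words

def diff_words(reference, other):
    """Report words in `other` whose name or bits disagree with `reference`."""
    by_bits = {bits: name for name, bits in reference.items()}
    findings = []
    for name, bits in other.items():
        if name in reference and reference[name] != bits:
            findings.append(f"{name}: bits {sorted(bits)}, expected {sorted(reference[name])}")
        elif name not in reference:
            twin = by_bits.get(bits)
            findings.append(f"{name}: same bits as {twin} but a different name"
                            if twin else f"{name}: no matching word in the reference section")
    return findings

# Constructed excerpts, abridged from the page's Examples 6-5, 6-7 and 6-8.
SENSITIVITY = """
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20; minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGT_GROUP; sname= EMGT; compartments= 11; minclass= NEED_TO_KNOW;
name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW;"""
CLEARANCES = """
name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMGT; compartments= 11; minclass= NEED_TO_KNOW;
name= MARKETING; sname= MKTG; compartments= 15 20; minclass= NEED_TO_KNOW;"""
CHANNELS = """
name= DISTRIBUTE_ONLY_TO; prefix;
name= MARKETING; prefix= DISTRIBUTE_ONLY_TO; compartments= 15 20;"""

if __name__ == "__main__":
    for finding in diff_words(parse_words(SENSITIVITY), parse_words(CLEARANCES)):
        print("CLEARANCES:", finding)
```

On these excerpts the check reports that the compartment 11 word is spelled EXECUTIVE_MGT_GROUP in one section and EXECUTIVE_MANAGEMENT_GROUP in the other, while the shared short name EMGT and the bits agree.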