The day to day management of access control requires management of labels, clearances, formal access approval, and need to know. These formal mechanisms are typically used to protect highly sensitive data, such as government or military data.
Objects have labels. A critical security step is the process of locating sensitive information and labeling and marking it as sensitive.
Executive Order 12356 – National Security Information
- Top secret – applied to information the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to national security
- Secret – applied to information the unauthorized disclosure of which could reasonably be expected to cause serious damage to national security
- Confidential – applied to information the unauthorized disclosure of which could reasonably be expected to cause damage to national security
- Unclassified – Data not sensitive
- SBU – Sensitive but unclassified – Data that is not a matter of national security, such as health records of enlisted personnel
- FOUO – For Official Use Only
Compartments allow for additional control over highly sensitive information. This is called sensitive compartmented information (SCI). These compartments require a documented and approved need to know in addition to a normal clearance such as top secret.
A clearance is a formal determination of whether or not a user can be trusted with a specific level of information. Clearances must assess the “subject’s” current and potential future trustworthiness. These clearances mirror the respective object labels of confidential, secret and top secret.
Formal Access Approval
A documented approval from the data owner for a subject to access certain objects, requiring the subject to understand all the rules and requirements for accessing data, and consequences should the data become lost, destroyed or compromised.
Need to know
Refers to answering the question: does the user “need to know” the specific data being accessed? Need to know is more granular than “least privilege”; unlike least privilege which typically groups objects together, need to know access decisions are based on each individual object.
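The four elements described above (object labels, subject clearances, SCI compartments, and per-object formal access approval / need to know) combine into a single access decision. The following Python is an added example written for these notes, not code from the original; the class names, the `can_read` function and the sample subjects and objects are constructed for illustration, and the assumption that unclassified objects need no per-object approval is the example's own.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Hierarchical classification levels from EO 12356, ordered low to high."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """An object label (or a subject clearance): a level plus SCI compartments."""
    level: Level
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice dominance: at least as high a level AND every compartment the
        # object carries must be among those the subject has been read into.
        return self.level >= other.level and self.compartments >= other.compartments


@dataclass
class Subject:
    name: str
    clearance: Label
    # Formal access approvals are recorded per object (constructed: the set of
    # object names the data owner has signed off on for this subject).
    approved_objects: set = field(default_factory=set)


@dataclass(frozen=True)
class Obj:
    name: str
    label: Label


def can_read(subject: Subject, obj: Obj) -> tuple:
    """Decide a read request; returns (allowed, reason) so the reason can be logged."""
    # 1. Clearance vs. label: level and compartments are checked together.
    if not subject.clearance.dominates(obj.label):
        if subject.clearance.level < obj.label.level:
            return False, f"clearance {subject.clearance.level.name} is below label {obj.label.level.name}"
        missing = obj.label.compartments - subject.clearance.compartments
        return False, f"not read into compartment(s) {sorted(missing)}"
    # 2. Need to know is decided per object, not per level: a SECRET clearance
    #    alone does not grant access to every SECRET object.
    #    Assumption for this example: unclassified objects need no approval.
    if obj.label.level > Level.UNCLASSIFIED and obj.name not in subject.approved_objects:
        return False, "no formal access approval / need to know for this object"
    return True, "clearance dominates label and need to know is documented"


def demo() -> dict:
    """Constructed sample data: one analyst and a handful of labeled objects."""
    analyst = Subject(
        "analyst",
        Label(Level.SECRET, frozenset({"ALPHA"})),
        approved_objects={"report-42"},
    )
    objects = [
        Obj("public-notice", Label(Level.UNCLASSIFIED)),
        Obj("report-42", Label(Level.SECRET, frozenset({"ALPHA"}))),   # approved
        Obj("report-99", Label(Level.SECRET, frozenset({"ALPHA"}))),   # same label, no need to know
        Obj("bravo-file", Label(Level.SECRET, frozenset({"BRAVO"}))),  # wrong compartment
        Obj("ts-memo", Label(Level.TOP_SECRET)),                       # level too high
    ]
    return {o.name: can_read(analyst, o) for o in objects}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:14} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

Running the block shows that the analyst's SECRET/ALPHA clearance is necessary but not sufficient: `report-99` carries exactly the label the analyst is cleared for and is still denied, because need to know is granted object by object. Returning the reason alongside the decision is what makes the denial auditable.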
Sensitive Information/Media Security
- Sensitive Information – Sensitive data physically resides on some form of media, both primary storage and backup storage. It can be transferred internally or externally. Wherever it is, CIA must be considered: data should not be destroyed, disclosed, or altered.
- Handling – Sensitive media should be handled by trusted individuals with strict policies regarding handling.
- Storage – Sensitive information should be encrypted. Strong security controls are required wherever media containing sensitive information is accessible.
- Retention – Retention of sensitive information should not persist beyond the period of usefulness or legal requirement whichever is greater.