In an MLS environment, after determining what degrees of sensitivity and trust are necessary to the organization or parts of the organization, an authorized security administrator can create levels, which are the hierarchical elements of security labels.
A CA Top Secret MLS SECLEVEL Record segment defines a security level available in the system. You must define a separate record for each level you want to use in the system. You must define levels before you can define and assign security labels to users, data sets, and resources.
Important! If you change or delete an existing security label (for example, an MLS Seclabel data record) that has been assigned to users or resources, you may get unexpected results during MLS validation. Before changing or removing a security label from the system, check whether it has been assigned to any users or resources. If it has, confirm that the change or deletion is intended. If it is, make any necessary changes to the user ACIDs and MLS resource records that use the security label. Likewise, before removing a security level or category that is used in any existing security label, confirm that the deletion is intended. If it is, make any necessary changes to the existing security labels, and to any user ACIDs and MLS resource records that use those security labels.
The format for this command is:
[Add | Remove | List] (MLS) SECLEVEL(level) lvlname(seclevel-name)
level
Specifies a record ID, which is a number between 1 and 254 without leading zeros or internal spaces. The number specified is the numeric rank of a security level. This field is required. The value supplied places the level in the hierarchy of all levels. The higher the number, the higher the level. A security label with a particular level dominates labels whose levels have lower values, except as further restricted by categories. You cannot assign the same value to more than one level in a system. To change the value of a level, remove the SECLEVEL record and add a new one.
Range: 1 to 3 characters
Valid Record IDs: 1, 5, 10, 254
Invalid Record IDs: 01, 005, 010, 255
seclevel-name
Specifies the unique, alphanumeric name of a security level. The name is always uppercased. Internal spaces are allowed; however, any leading or trailing blanks are trimmed from the specified name. The name may never begin with the letters 'SYS', since this may cause confusion with any existing or future system-defined security labels. This field is optional.
Range: 1 to 255 characters
To create a SECLEVEL data record, enter:
TSS ADD(mls) SECLEVEL(200) LVLNAME('top secret')
TSS ADD(mls) SECLEVEL(100) LVLNAME(secret)
TSS ADD(mls) SECLEVEL(75) LVLNAME(classified)
TSS ADD(mls) SECLEVEL(25) LVLNAME(unclassified)
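A pre-check for a planned set of SECLEVEL records, added here as a Python example and not part of CA Top Secret: it applies the record ID and name rules described above and produces TSS ADD commands only for entries that pass. The function name check_plan, the sample plan, and the reading of "alphanumeric" as A-Z and 0-9 are assumptions.

```python
import re

LEVEL_RE = re.compile(r"[1-9][0-9]{0,2}")           # 1-3 digits, no leading zero
NAME_RE = re.compile(r"[A-Z0-9]+(?: +[A-Z0-9]+)*")  # assumption: ASCII alphanumerics

def check_plan(plan):
    """Validate (level, name) pairs; return (tss_commands, errors)."""
    commands, errors, levels, names = [], [], set(), set()
    for level, raw_name in plan:
        problems = []
        if not LEVEL_RE.fullmatch(level) or int(level) > 254:
            problems.append("level must be 1-254 without leading zeros or spaces")
        elif level in levels:
            problems.append("level value is already used by another record")
        name = None
        if raw_name is not None:             # LVLNAME is optional
            name = raw_name.strip().upper()  # trimmed and uppercased, as documented
            if not 1 <= len(name) <= 255:
                problems.append("name must be 1 to 255 characters")
            elif not NAME_RE.fullmatch(name):
                problems.append("name must be alphanumeric (internal spaces allowed)")
            elif name.startswith("SYS"):
                problems.append("name must not begin with SYS")
            elif name in names:
                problems.append("name is already used by another record")
        if problems:
            errors.append((level, raw_name, problems))
            continue
        levels.add(level)
        cmd = f"TSS ADD(mls) SECLEVEL({level})"
        if name:
            names.add(name)
            # Quote names with internal spaces, as in LVLNAME('top secret')
            cmd += f" LVLNAME('{name}')" if " " in name else f" LVLNAME({name})"
        commands.append(cmd)
    return commands, errors

# Constructed sample plan; level and name values are illustrative.
SAMPLE_PLAN = [
    ("200", "top secret"), ("100", "secret"), ("010", "internal"),
    ("255", "cosmic"), ("100", "restricted"), ("50", "sysadmin"),
    ("75", "  classified "),
]

if __name__ == "__main__":
    ok, bad = check_plan(SAMPLE_PLAN)
    print("\n".join(ok))
    for level, name, problems in bad:
        print(f"REJECTED SECLEVEL({level}) {name!r}: {'; '.join(problems)}")
```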
To view a SECLEVEL data record, enter:
TSS LIST(mls) SECLEVEL(200)
MLS SECLEVEL RECORDS
SECLEVEL = 200 LVLNAME = TOP SECRET
TSS LIST(mls) SECLEVEL(all)
MLS SECLEVEL RECORDS
SECLEVEL = 025 LVLNAME = UNCLASSIFIED
SECLEVEL = 075 LVLNAME = CLASSIFIED
SECLEVEL = 100 LVLNAME = SECRET
SECLEVEL = 200 LVLNAME = TOP SECRET
To delete a SECLEVEL data record, enter:
TSS REM(mls) SECLEVEL(100)
Copyright © 2010 CA Technologies.
All rights reserved.