Page 562 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

earlier in this chapter. Three requirements exist for users of dedicated
               systems:

                    Each user must have a security clearance that permits access to all
                    information processed by the system.

                    Each user must have access approval for all information processed
                    by the system.

                    Each user must have a valid need to know for all information
                    processed by the system.

               In the definitions of each of these modes, we use “all
               information processed by the system” for brevity. The official
               definition is more comprehensive and uses “all information
               processed, stored, transferred, or accessed.” If you want to explore
               the source, use an Internet search engine to locate Department of
               Defense 8510.1-M DoD Information Technology Security
               Certification and Accreditation Process (DITSCAP) Manual.



               System High Mode: System high mode systems have slightly
               different requirements that must be met by users:

                    Each user must have a valid security clearance that permits access
                    to all information processed by the system.

                    Each user must have access approval for all information processed
                    by the system.

                    Each user must have a valid need to know for some information
                    processed by the system but not necessarily all information
                    processed by the system.
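
The two requirement lists above, written as an admission check; this is an added example, not material from the study guide. The item names, users, and classification ladder are constructed, and "some" need to know is modeled as at least one item.

```python
from dataclasses import dataclass

# Constructed classification ladder and data set; all names are hypothetical.
LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
ITEMS = {"logistics": "SECRET", "ops-plan": "SECRET", "sources": "TOP SECRET"}

@dataclass
class User:
    clearance: str
    approvals: set      # items the user holds formal access approval for
    need_to_know: set   # items the user has a valid need to know

def admission_failures(user, items, mode):
    """Return the requirements the user fails for this mode ([] = may use the system)."""
    if mode not in ("dedicated", "system high"):
        raise ValueError(f"unsupported mode: {mode}")
    failures = []
    # Requirement 1 (both modes): clearance covers ALL information on the system.
    if any(LEVELS[user.clearance] < LEVELS[lvl] for lvl in items.values()):
        failures.append("clearance")
    # Requirement 2 (both modes): access approval for ALL information.
    if not set(items) <= user.approvals:
        failures.append("access approval")
    # Requirement 3 differs: need to know for ALL (dedicated) vs SOME (system high).
    known = set(items) & user.need_to_know
    if mode == "dedicated" and known != set(items):
        failures.append("need to know (all)")
    if mode == "system high" and not known:
        failures.append("need to know (some)")
    return failures

def accessible(user, items, mode):
    """Items an admitted user may actually reach; empty set if not admitted."""
    if admission_failures(user, items, mode):
        return set()
    return set(items) & user.need_to_know

ALICE = User("TOP SECRET", set(ITEMS), set(ITEMS))
BOB = User("TOP SECRET", set(ITEMS), {"logistics"})      # partial need to know
CAROL = User("SECRET", set(ITEMS), set(ITEMS))           # clearance too low

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        for mode in ("dedicated", "system high"):
            print(name, mode, admission_failures(user, ITEMS, mode),
                  sorted(accessible(user, ITEMS, mode)))
```
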

               Note that the major difference between the dedicated mode and the
               system high mode is that not all users necessarily have a need to
               know for all information processed on a system high mode computing
               device. Thus, although the same user could access both a dedicated
               mode system and a system high mode system, that user could access
               all data on the former but be restricted from some of the data on the