Page 564 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Each user must have access approval for all information they will
have access to on the system.
Each user must have a valid need to know for all information they
will have access to on the system.
As you look through the requirements for the various modes of
operation approved by the federal government, you’ll notice that the
administrative requirements for controlling the types of users that
access a system decrease as you move from dedicated systems down to
multilevel systems. However, this does not decrease the importance of
limiting individual access so that users can obtain only the
information they are legitimately entitled to access. As discussed in the
previous section, it’s simply a matter of shifting the burden of
enforcing these requirements from administrative personnel (who
physically limit access to a computer) to the hardware and software
(which control what information can be accessed by each user of a
multiuser system).
Multilevel security mode can also be called the controlled
security mode.
Table 9.1 summarizes and compares these four security modes
according to security clearances required, need to know, and the
ability to process data from multiple clearance levels (abbreviated
PDMCL). When comparing all four security modes, it is generally
understood that the multilevel mode is exposed to the highest level of
risk.
TABLE 9.1 Comparing security modes
Mode            Clearance   Need to know   PDMCL
Dedicated       Same        None           None
System high     Same        Yes            None
Compartmented   Same        Yes            Yes
Multilevel      Different   Yes            Yes

