(ISC)2 CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Security Modes

The US government has designated four approved security modes for systems that process classified information. These are described next. In Chapter 1, “Security Governance Through Principles and Policies,” we reviewed the classification system used by the federal government and the concepts of security clearances and access approval. The only new term in this context is need to know, which refers to an access authorization scheme in which a subject’s right to access an object takes into consideration not just a privilege level but also the relevance of the data involved in the role the subject plays (or the job they perform). This indicates that the subject requires access to the object to perform their job properly or to fill some specific role. Those with no need to know may not access the object, no matter what level of privilege they hold. If you need a refresher on those concepts, please review them in Chapter 1 before proceeding.

Three specific elements must exist before the security modes themselves can be deployed:

- A hierarchical mandatory access control (MAC) environment
- Total physical control over which subjects can access the computer console
- Total physical control over which subjects can enter into the same room as the computer console

You will rarely, if ever, encounter the following modes outside of the world of government agencies and contractors. However, you may discover this terminology in other contexts, so you’d be well advised to commit the terms to memory.


Chapter 9: Security Vulnerabilities, Threats, and Countermeasures

Dedicated Mode

Dedicated mode systems are essentially equivalent to the single-state system described in the section “Processing Types” earlier in this chapter. Three requirements exist for users of dedicated systems:

- Each user must have a security clearance that permits access to all information processed by the system.
- Each user must have access approval for all information processed by the system.
- Each user must have a valid need to know for all information processed by the system.

In the definitions of each of these modes, we use “all information processed by the system” for brevity. The official definition is more comprehensive and uses “all information processed, stored, transferred, or accessed.” If you want to explore the source, use an Internet search engine to locate Department of Defense 8510.1-M DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Manual.
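
The three dedicated-mode requirements and the need-to-know rule can be expressed as a check over a system's user population; the following is an added illustration, not code from the book. The level names, the `User` and `Info` classes, the function names and the sample data are all constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    """Hierarchical MAC labels (assumed names; the ordering is what matters)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Info:
    name: str
    level: Level

@dataclass
class User:
    name: str
    clearance: Level
    approvals: set = field(default_factory=set)      # formal access approvals
    need_to_know: set = field(default_factory=set)   # data the user's job requires

def may_access(user, item):
    """All three conditions must hold; a high clearance alone is not enough."""
    return (user.clearance >= item.level
            and item.name in user.approvals
            and item.name in user.need_to_know)

def dedicated_mode_gaps(users, processed):
    """Map each user to the requirements they fail for ANY processed item."""
    gaps = {}
    for u in users:
        missing = [f"{rule}:{i.name}" for i in processed for rule, ok in (
            ("clearance", u.clearance >= i.level),
            ("approval", i.name in u.approvals),
            ("need-to-know", i.name in u.need_to_know)) if not ok]
        if missing:
            gaps[u.name] = missing
    return gaps  # an empty dict means every user meets all three requirements

# Constructed sample data, not from the book.
PROCESSED = [Info("payroll", Level.SECRET), Info("ops-plan", Level.TOP_SECRET)]
BOTH = {"payroll", "ops-plan"}
USERS = [User("alice", Level.TOP_SECRET, BOTH, BOTH),
         User("bob", Level.TOP_SECRET, BOTH, {"payroll"}),
         User("carol", Level.SECRET, BOTH, BOTH)]

if __name__ == "__main__":
    print(dedicated_mode_gaps(USERS, PROCESSED))
```

In the sample, bob holds the highest clearance yet still fails the check because he lacks need to know for one item, so this system could not run in dedicated mode with him as a user.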
