What Are Incomparable Sensitivity Labels?

Sensitivity labels are incomparable when the same classification have different categories.

REMEMBER THIS: It is always the categories that are being compared, NOT the classifications.

Okay, so what the heck does THAT mean?

Labels, classifications, and categories have to do with MAC, Mandatory Access Control.

*Sensitivity Labels*

Labels contain classification and categories.

Classifications
Top Secret
Secret
Confidential
Unclassified

Categories Are Within Classifications
Classification           Category
Top Secret                Navy, Marines, Army

Secret                        Navy, Marines, Army
Confidential            Navy, Marines, Army
Unclassified             Navy, Marines, Army

*Comparable Sensitivity Labels*

Patrick is a CIA agent and wants to access Top Secret data pertaining to the Navy, Marines, and Army.

Patrick’s Sensitivity Label
Classification: Top Secret
Categories:  Navy, Marines, Army

Data’s Sensitivity Label
Classification: Top Secret
Categories:  Navy, Marines, Army

Patrick’s access request can be comparable because the subject’s sensitivity label contains the same categories of the object.

*Incomparable Sensitivity labels*

Howard is a CIA agent and wants to access Top Secret data pertaining to the Marines.

Howard’s Sensitivity Label
Classification: Top Secret
Categories:  Navy, Army

Data’s Sensitivity Label
Classification: Top Secret
Categories:  Navy, Army, Marines

Howard’s access request is incomparable because the subject’s sensitivity label contains different categories than the object.

  • Deepak J Bhatia

    This has to be the best explanation for
    “Sensitivity labels are incomparable when the same classification have different categories”

    A sensitivity label contains a single classification and a compartment set.
    Classification is the minimum sensitivity level
    Compartment set is a list of categories to enforce NTK

    Thank you for sharing

    • studynotesandtheory

      Thank you for the feedback Deepak!

      Please let me know if you have any other CISSP-related questions!

Search