Ver:
es aquel
[modo de operación] en el que un Sistema maneja información con diferentes
grados de clasificación. Permite el acceso selectivo y simultáneo a dicha
información al personal autorizado con diferentes grados de clasificación y
distintas necesidades de conocer. El Sistema realiza de manera fiable la
completa separación de los datos y el control del acceso selectivo.
[CCN-STIC-001:2006]
El sistema
maneja información con diferentes grados de clasificación. Permite el acceso
selectivo y simultáneo a dicha información al personal habilitado con
diferentes grados de clasificación y "necesidad de conocer". El
sistema realiza de manera fiable la completa separación de los datos y el
control de acceso selectivo. [CCN-STIC-103:2006]
Mode of operation
wherein all the following statements are satisfied concerning the users who
have direct or indirect access to the system, its peripherals, remote
terminals, or remote hosts: 1) some users do not have a valid security
clearance for all the information processed in the information system; 2) all
users have the proper security clearance and appropriate formal access approval
for that information to which they have access; and 3) all users have a valid
need-to-know only for information to which they have access. [CNSSI_4009:2010]
1. (N) A mode of
system operation wherein (a) two or more security levels of information are
allowed to be to be handled concurrently within the same system when some users
having access to the system have neither a security clearance nor need-to-know
for some of the data handled by the system and (b) separation of the users and
the classified material on the basis, respectively, of clearance and
classification level are dependent on operating system control. (See: /system
operation/ under "mode", need to know, protection level, security
clearance. Compare: controlled mode.)
Usage: Usually
abbreviated as "multilevel mode". This term was defined in U.S.
Government policy regarding system accreditation, but the term is also used
outside the Government.
2. (O) A mode of
system operation in which all three of the following statements are true: (a)
Some authorized users do not have a security clearance for all the information
handled in the system. (b) All authorized users have the proper security
clearance and appropriate specific access approval for the information to which
they have access. (c) All authorized users have a need-to-know only for
information to which they have access. [C4009] (See: formal access approval, protection
level.)
[RFC4949:2007]
Temas relacionados