On Nov 21, 2005, at 11:57 AM, Michael Sweet wrote:
Chad Hanson wrote:
I am positive there are customer requirements for this. The
example could be
multiple classified networks, instead of unclass/class as well.
This can
provide printer reduction in these cases with a multilevel print
server.
Again, in my experience (having managed many DoD and other gov't
contracts), this type of configuration just isn't allowed. There
is typically a single "system high" classification level and all
print jobs are labeled as such. Users must then mark each page in
a document with a lower classification by hand. The CUPS classified
printing support is actually modeled on specific DoD requirements...
Michael, in a non LSPP system environment your summary is correct.
In an LSPP system, since the label is bound to the document (file)
with some assurance, you can print real labels on documents. We spool
multilevel print jobs from our Compartmented Mode Workstations (B1
era MLS) with print banners that reflect the document classification
- not the network system high. Banner pages and markings at the top
and bottom of each page. Accredited in 5 different countries and
multiple domains :)
DoD is not the only set of US rules (DCID 6/3 vs DoD 8500) and other
nations have their own rules. If possible, I would certainly like to
see real multilevel printer support. Anything less will be a step
backwards for our users.
joe
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
