Modes of Operation

Mode of operation relates to the way the system is configured and operates when generating classified information. For single-user standalone systems, it is easy to implement a dedicated mode of operation when processing classified information, since the user physically controls his actions. In a network environment, however, various "flavors" of operation can exist. Some systems are controlled internally, while others must be physically controlled to operate in the desired manner. The various classified modes are described below.

Multi-level: An IS that uses an operating system and associated system software to provide separation of personnel and material on the basis of security clearance and need-to-know.

Compartmented: An IS that provides separation of materials by establishing separate physical devices and areas of memory for the exclusive use of the assigned user.

Controlled: An IS that does not provide separation of users within the system. Separation and control are maintained by means of procedural or physical safeguards.

Dedicated: An IS that, at any given time, is used exclusively for a particular category of data, and all users have clearance and need-to-know for all of the data in the system. (Note: unclassified is not permitted on this system when classified work is in process.)

System High: An IS operated in accordance with the requirements for the highest category and type of material then contained in the system. All personnel having IS access shall have a security clearance, but not necessarily a need-to-know for all material contained in the system. In this mode, the design and operation of the IS must provide the control of concurrently available classified material in the system on the basis of need-to-know. (Note: unclassified is permitted in this mode when classified work is in process.)

Limited Access: An IS processing UNCLASSIFIED data that requires implementation of special controls to restrict access to individuals who, by their job function, have a need-to-know. Types of data processed in the limited access mode include FOUO, proprietary, and Privacy Act data.