Eve was cleared as Top Secret and printed a classified document to a printer. The printer sent a success notification to Eve after printing. The printout has an explicit expression, //TS//SCI, on the header. Which of the following is not true?
A. The printed document is labeled as //TS and compartmented as //SCI.
B. Eve has need-to-know of the classified document in the performance of her duties.
C. Eve’s security level dominates that of the classified document.
D. Eve’s security level is higher than or equal to that of the printer.
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. The printed document is labeled as //TS and compartmented as //SCI.
The printed document is marked, instead of labeled.
- The printed document is marked as //TS//SCI.
- //SCI is a non-hierarchical category or compartment.
Eve’s security level dominates (grater than or equal to) that of both the classified document and the printer.
Labeling as a System-based Enforcement
The term security labeling refers to the association of security attributes with subjects and objects represented by internal data structures within organizational information systems, to enable information system-based enforcement of information security policies. (NIST SP 800-53 R4)
Marking as a Process-based Enforcement
The term security marking refers to the association of security attributes with objects in a human-readable form, to enable organizational process-based enforcement of information security policies. (NIST SP 800-53 R4)
- Media Marking and Media Labeling
- The Orange Book
- What is Sensitive Compartmented Information (SCI)?
- Sensitive Compartmented Information (SCI) Program
- Sensitive Compartmented Information
- Sensitive Compartmented Information Facility
- How is Sensitive Compartmented Information (SCI) Marked?
- What Does ‘Need to Know’ Mean?
- Can You Have a Secret Clearance with SCI?
- Clearances & Investigations
- Security Clearance Frequently Asked Questions
- Security Clearance Investigations Process Updated
- Differences Between Tier 4 and Tier 5 Security Clearance Investigations – Ask CJ
- List of U.S. security clearance terms
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.