                                 CHAPTER III

                             MODES OF OPERATION

1.  OVERVIEW.  Four Modes of Operation (dedicated, system high,
    compartmented, and multilevel) are authorized for classified AISs
    processing, storing, transmitting, or accessing classified information.

    a.   Boundary and Perimeter of the Classified AISs.  In order to
         determine the Mode of Operation, it is necessary to identify both
         the boundary and perimeter of the classified AIS.

         (1)  Boundary.  The conceptual limit of a Classified AIS that
              extends to all intended users of an AIS, both directly and
              indirectly connected, who receive output from the classified
              AIS without a reliable human review by an appropriately
              cleared authority.

         (2)  Perimeter.  The conceptual limit that encompasses all
              components of a Classified AIS to be accredited by the DAA.

    b.   Determination of Mode of Operation.  To determine the Mode of
         Operation of a Classified AIS, only two sets of facts are
         considered.  The relationship of these two sets of facts determines
         the Mode of Operation of the classified AIS:

         (1)  The classification levels, classification categories, and
              handling caveats of the information processed, stored,
              transferred, or accessed in the classified AIS; and

         (2)  The security clearance types, formal access approvals, and
              need-to-know of all users.

         Note:  The available or proposed security features of the
         classified AIS are not relevant in determining the classified AIS's
         actual or proposed Mode of Operation, nor is the method of
         implementation.

2.  PERIODS PROCESSING.  When processing sensitive unclassified information
    during periods processing on a Classified AIS, the need-to-know of the
    users is the most important factor in determining how the information is
    to be protected.

3.  DEFINITIONS OF MODES OF OPERATION.

    a.   Dedicated Mode. A Classified AIS is operating in the dedicated mode
         when each user with direct or indirect access to the classified
         AIS, its peripherals, remote terminals, or remote hosts has all of
         the following:

         (1)  A valid security clearance for all information on the
              classified AIS.

         (2)  Formal access approval for all the information processed,
              stored, transferred, or accessed.

         (3)  A valid need-to-know for all information contained within the
              classified AIS.

    b.   System High Mode.  A Classified AIS is operating in the system high
         mode when each user with direct or indirect access to the
         classified AIS, its peripherals, remote terminals, or remote hosts
         has all of the following:

         (1)  A valid security clearance for all information on the
              classified AIS or network.

         (2)  Formal access approval for all the information processed,
              stored, transferred, or accessed.

         (3)  A valid need-to-know for some of the information contained
              within the classified AIS.

         NOTE:  Based on the need-to-know approvals given to them by an
         appropriate authority (e.g., the owners of the information or the
         data base administrator), different users may have access to some or
         all of the information processed or stored in an AIS, provided they
         have been cleared for such information.

    c.   Compartmented Mode.  A Classified AIS is operating in the
         compartmented mode when each user with direct or indirect access to
         the classified AIS, its peripherals, remote terminals, or remote
         hosts has all of the following:

         (1)  A valid security clearance for all information on the
              classified AIS.

         (2)  Formal access approval for that information to which the user
              is to have access (i.e., some users do not have formal access
              approval for all Special Access Programs or intelligence
              compartments or subcompartments processed by the classified
              AIS).

         (3)  A valid need-to-know for that information to which the user is
              to have access.

    d.   Multilevel Mode.  A Classified AIS is operating in the multilevel
         mode when all the following statements are satisfied concerning the
         users with direct or indirect access to the classified AIS, its
         peripherals, remote terminals, or remote hosts:

         (1)  Some users do not have a valid security clearance for all the
              information processed, stored, transferred, or accessed in the
              classified AIS.

         (2)  All users have the proper security clearance and appropriate
              formal access approval (i.e., signed nondisclosure agreements)
              for that information to which they are to have access.

         (3)  All users have a valid need-to-know for the information to
              which they are to have access.
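
Added example (not part of the directive): the determination in paragraphs 1.b and 3 expressed as a decision procedure whose only inputs are the two sets of facts, the information on the AIS and the users' clearances, formal access approvals, and need-to-know. The data model, the level ordering, and all names are assumptions made for illustration.

```python
# Added illustration; Info, User and the level ordering are assumed,
# not taken from the directive.
from dataclasses import dataclass

LEVELS = {"C": 1, "S": 2, "TS": 3}  # assumed ordering of classification levels

@dataclass(frozen=True)
class Info:
    name: str
    level: str
    categories: frozenset = frozenset()  # categories needing formal access approval

@dataclass
class User:
    name: str
    clearance: str
    approvals: frozenset = frozenset()     # formal access approvals held
    need_to_know: frozenset = frozenset()  # names of Info the user is to access

def cleared(user, info):
    return LEVELS[user.clearance] >= LEVELS[info.level]

def approved(user, info):
    return info.categories <= user.approvals

def mode_of_operation(infos, users):
    """Classify the AIS per paragraph 3; security features are not an input."""
    by_name = {i.name: i for i in infos}
    # Every mode requires clearance and formal access approval for the
    # information a user is actually to access; otherwise no mode applies.
    for u in users:
        for n in u.need_to_know:
            if not (cleared(u, by_name[n]) and approved(u, by_name[n])):
                raise ValueError(f"{u.name} lacks clearance or approval for {n}")
    # Some user not cleared for all information on the AIS: multilevel.
    if not all(cleared(u, i) for u in users for i in infos):
        return "multilevel"
    # All cleared, but some user lacks formal access to part: compartmented.
    if not all(approved(u, i) for u in users for i in infos):
        return "compartmented"
    # All cleared and approved, need-to-know for only some: system high.
    if not all(u.need_to_know == frozenset(by_name) for u in users):
        return "system high"
    return "dedicated"
```

The checks run from the least to the most uniform user population, so the first relationship that fails names the mode.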

