System high mode, or simply system high, is a security mode of using an

automated information system An automated information system (AIS) is an assembly of computer hardware, software, firmware, or any combination of these, configured to accomplish specific information-handling operations, such as communication, computation, dissemination, process ...

(AIS) that pertains to an environment that contains restricted data that is classified in a hierarchical scheme, such as

Top Secret Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, ...

Secret Secrecy is the practice of hiding information from certain individuals or groups who do not have the "need to know", perhaps while sharing it with other individuals. That which is kept hidden is known as the secret. Secrecy is often controvers ...

and

Unclassified Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, ...

. System high pertains to the IA features of information processed, and specifically not to the strength or trustworthiness of the system. System high mode is distinguished from other modes (such as

multilevel security Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearan ...

) by its lack of need for the system to contribute to the protection or separation of unequal security classifications. In particular, this precludes use of the features of objects (e.g. content or format) produced by or exposed to an AIS operating in system high mode as criteria to securely downgrade those objects. As a result, all information in a system high AIS is treated as if it were classified at the highest security level of any data in the AIS. For example, Unclassified information can exist in a secret system high computer but it must be treated as secret, therefore it can never be shared with unclassified destinations (unless downgraded by reliable human review, which itself is risky because of lack of omniscient humans.) There is no known technology to securely declassify system high information by automated means because no reliable features of the data can be trusted after having been potentially corrupted by the system high host. When unreliable means are used (including ''

cross-domain solution A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software, and sometimes hardware, that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of ...

s'' and ''bypass guards'') a serious risk of system exploitation via the bypass is introduced. Nevertheless, it has been done where the resulting risk is overlooked or accepted. Example: When Daniel is granted access to a computer system that uses System High mode, Daniel must have a valid security clearance for all information processed by the system and valid "need to know" for some, but not necessary all, informations processes by the system.

Sources

* NCSC (1985). "Trusted Computer System Evaluation Criteria". National Computer Security Center. (a.k.a. the

TCSEC Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCS ...

or "Orange Book" or DOD 5200.28 STD). * CISSP (2018). "Certified Information System Security Professional, Official Study Guide". 8th Edition Computer security procedures

See also

Sources