ABSTRACT
Policies establish levels of sensitivity (e.g., top secret,
secret, confidential, and unclassified) for data and other
resources. These levels should be used for guidance on the
proper procedures for handling data-for example, instruc-
tions not to copy. They may be used as a basis for access
control decisions as well. In this case, individuals are
granted access to only those resources at or below a spe-
cific level of sensitivity. Labels are used to indicate the
sensitivity level of electronically stored documents.