![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0165: User Creation Of Processes Above The User's Clearance
NUMBER: I-0165
STATUS: Withdrawn
REASON: The interpretation simply states what is explicitly in the
criteria; no interpretation was felt to be necessary.
TITLE: User Creation Of Processes Above The User's Clearance
REQUIREMENT: Identification and Authentication
CRITERIA CLASSES: B1, B2, B3, A1
DOCUMENT(S): <None>
RELATED TO: <None>
STATEMENT:
The following interprets the Identification and Authentication requirement that ``This data shall be used by the TCB to authenticate the user's identity and to ensure that the security level and authorizations of subjects external to the TCB that may be created to act on behalf of the individual user are dominated by the clearance and authorization of that user.''. It also interprets the Mandatory Access Control requirement that ``Identification and authentication data shall be used by the TCB to authenticate the user's identity and to ensure that the security level and authorization of subjects external to the TCB that may be created to act on behalf of the individual user are dominated by the clearance and authorization of that user.''Users cannot create processes with labels above the user's clearance.