Security clearance in the context of "Need to know"

Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization.

There are two contexts for the use of multilevel security. One context is to refer to a system that is adequate to protect itself from subversion and has robust mechanisms to separate information domains, that is, trustworthy. Another context is to refer to an application of a computer that will require the computer to be strong enough to protect itself from subversion, and have adequate mechanisms to separate information domains, that is, a system we must trust. This distinction is important because systems that need to be trusted are not necessarily trustworthy.

Classified information is confidential material that a government, corporation, or non-governmental organisation deems to be sensitive information, which must be protected from unauthorized disclosure and that requires special handling and dissemination controls. Access is restricted by law, regulation, or corporate policies to particular groups of individuals with both the necessary security clearance and a need to know.

Classified information within an organisation is typically arranged into several hierarchical levels of sensitivity—e.g. Confidential (C), Secret (S), and Top Secret (TS). The choice of which level to assign a file is based on threat modelling, with different organisations have varying classification systems, asset management rules, and assessment frameworks. Classified information generally becomes less sensitive with the passage of time, and may eventually be reclassified or declassified and made public.

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic of classified information beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.

The desired degree of secrecy about such information is known as its sensitivity. Sensitivity is based upon a calculation of the damage to national security that the release of the information would cause. The United States has three levels of classification: Confidential, Secret, and Top Secret. Each level of classification indicates an increasing degree of sensitivity. Thus, if one holds a Top Secret security clearance, one is allowed to handle information up to the level of Top Secret, including Secret and Confidential information. If one holds a Secret clearance, one may not then handle Top Secret information, but may handle Secret and Confidential classified information.

A credential is a piece of any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.

Examples of credentials include academic diplomas, academic degrees, certifications, security clearances, identification documents, badges, passwords, user names, keys, powers of attorney, and so on. Sometimes publications, such as scientific papers or books, may be viewed as similar to credentials by some people, especially if the publication was peer reviewed or made in a well-known journal or reputable publisher.