Procedural requirements for the Common Criteria (Labeled Security only)

The ability of the evaluated configuration to enforce the intent of the organizational security policy, especially with regard to the mandatory access controls, is dependent on the establishment of procedures.

Create the following procedures to protect the data:

Permit users authorization to specific security labels
Establish the security label of all important information
Mark a security label on all generated output
Establish the security label of all peripheral devices (such as printers, disk drives, tape drives)