Information SEcurity > Multilevel Security (MLS) > What is Multi-Level Security (MLS)?

What is Multi-Level Security (MLS)?

Multi-Level Security (MLS) is a security system that classifies information into different security levels. These levels show how sensitive the information is and how much damage could happen if unauthorized people access it.

MLS is mainly used in military, government, and other high-security organizations. It helps control who can access certain information based on their security clearance.

Each level of information requires different protection methods, access permissions, and handling procedures for storing, sharing, and using the data.

MLS also uses compartmentalization. This means information is divided into separate sections or compartments. A person may have access to one compartment but not another, even if both are at the same security level. These compartments are often identified using special code names or labels.

Another important feature of MLS is contextual security. The system applies security rules and policies dynamically based on the situation and access request. This is also called dynamic policy enforcement.

MLS systems are designed to provide strong security assurance. Their security controls and policies can also be checked and verified independently by security assessors.

Case Study: Military Intelligence System

A military department stores different types of classified information in one secure computer system. The information is divided into security levels such as:

• Unclassified
• Confidential
• Secret
• Top Secret

Each employee or officer receives a security clearance level based on their role and responsibilities.

For example:

• A junior officer with “Confidential” clearance can only access confidential documents.
• A senior intelligence officer with “Top Secret” clearance can access highly sensitive intelligence reports.
• A civilian employee may only access unclassified information.

The system checks the user’s clearance level before allowing access. If a user tries to open information above their clearance level, access is denied automatically.

Compartmentalization Example

Suppose two intelligence projects exist:

• Project Eagle
• Project Falcon

Both projects are classified as “Top Secret.” However, an officer working on Project Eagle cannot access Project Falcon unless they are specifically authorized for that compartment.

This prevents unnecessary exposure of sensitive information.

Dynamic Policy Example

If a user tries to access Top Secret files from an unknown device or outside a secure military network, the system may:

• block access,
• require extra authentication, or
• alert security administrators.

No More

Next

Why is Multi-Level Security (MLS) Important?

Feedback

Submit