CSO grade

Feature Details

warning

Please be informed that there are some restrictions on data access.
For detailed information about the CSO rating feature,nextYou can check it at.

Right-click to assign a rating

1. Overview

• Users can assign a rating to the document through the right-click menu.

2. Feature Settings (Required and Optional)

• The required items among the below must be set for the functionality to work.

1. DS_MIP_INIT policy add management center domain (required)

You need to add the following Security365 management center domain to the json data of the custom policy DS_MIP_INIT policy. (This is to retrieve security grade and label information.)

\{
    ...
    "s365_portal_url":"https://devspsvr.softcamp.co.kr"     // 주의) 해당 주소값은 예시이며, 사이트에 적용시 알맞은 public 도메인으로 변경 필요함.
    ...
\}

2. Add Right-Click Menu (required)

Add a rating assignment menu to the custom policy DS_MIP_SHELL_MENU**(link)**

\{
    ...
    \{
        "titleRes": "SHELL_MODIFY_SECULABEL",           // Menu name
        "titleDesc": "UI_DRM_TO_AIP_DESC",
        "targetCmd": 254,                               // This value is fixed, so it must be 254
        "targetIcon": "ApplySecuLabel.bmp",             // Menu icon resource
        "targetExt": "doc|xls|docx|pptx|xlsx|xlsb",
        "targetType": "*"
    \}
    ...
\}

• Related Resources
  • C:\Windows\Softcamp\SDK\Res\DS\ResUIKOR.rcmySHELL_MODIFY_SECULABEL = LabelingAdd Definition

3. Basic Selection Grade Setting (option)

• To set the default selected grade in the grade designation UI, you must set the default grade selection in the execution policy in the ztcap console.

• The execution policy backdata includes the following basic rating designation data.

  {
      //...
      "category": "availableSecurityLevelList",
      "info": {
        //...
        "defaultSelectLevelId": "iqCCmC4N-ADUvGusn-4Gkhlyi6-vPJQvg6r"     // 기본지정 등급 아이디
        //...
      }
  }

• If there is no corresponding policy, the label of the first grade level is selected.

3. Related Security365 Services**(required)**

warning

In order for the rating assignment feature to work, the security grade & label information must be registered in the management center (spsvr) service, and also, the policies regarding which grades can be assigned and changed must be registered in the conditional policies.

A. Management Center - Security Level & Label Registration

B. Conditional Policy (ztcap): Policy for Convertible Security Labels

- The ztcap policy must establish a policy regarding what security level (label) the current document can be changed to. ( [Development Background Data Related](https://wiki.SOFTCAMP.co.kr/pages/viewpage.action?pageId=162349616) )
    - [Conditional Policy - Endpoint Menu Guide](https://idocs.SOFTCAMP.co.kr/shieldrm/Guide/Webconsoleguide/Policy_Management/Endpoint)

---

Applying Overlay Icon

1. Overview

• Provide overlay icon identification feature for documents designated with document grade (C/S/O) in DS 6.0 ENT.
• Applicable colors:Red 🔴, Green 🟢, Yellow 🟡

2. Constraints

• If there are multiple (more than 12) overlay icons installed on Windows, existing overlay icons may not be displayed.
• In the client environment where the module is applied before feature development, the document with the document grade icon loses its identification information when edited/saved. The information that is deleted is the metadata stored in the pre header, and the grade information data is stored within the document, so the grade icon is reapplied when the file is opened/saved.
• When a document with a document grade icon is uploaded to and downloaded from Teams or SharePoint document libraries, the icon identification information may be deleted according to site policies.

---

Document Properties Window Security Level Display

1. Overview

Right-click on the file in Windows Explorer and**[Attribute]When you open __PH_0__, next to the existing tabs"Security Level" tabThis will appear new. In this tab, users can apply to the document.C/S/O Security Level(C/S/O = Document Security's document security classification system that categorizes documents as confidential, sensitive, or public, etc.)Check directly in read-only modeYou can do it. General documents · Company DRM (Digital Rights Management, Company Document Encryption) documents · MIP (Microsoft Information Protection, Microsoft Information Protection) documentsany type**It works the same way.

The reason this feature is needed

The C/S/O security levels applied to the document so far areSmall overlay icon displayed on top of the explorer iconIt could only be confirmed by __PH_0__. The overlay icon has a limit on the number displayed simultaneously and is small, making it difficult to definitively verify the grade of a specific document. Additionally, the existing "Security Document Information" tab (for MIP documents) only shows MIP label and permission information, without addressing C/S/O security grades.

This feature allows the user to**Check the rating directly in the properties window without relying on the overlay icon.**To enable this, a security classification display tab that applies to all document types is provided.

Operation Method

Document inRead the hidden stored security level informationThe properties tab displays 4 items (Grade ID · Grade Name · Label ID · Label Name). Since protected documents require internal decryption to read the grade, ensure that the properties window does not freeze.**Query in the background and update the results after showing a "Loading" progress indicator.**does.

info

Summary: Right-click on the file in Explorer → [Properties] →"Security Level" tabWhen you open it, the C/S/O security level (level ID, level name, label ID, label name) of that document is displayed as read-only. It works with all document types: General, DRM, MIP.

Scope / Entry Point

#	Entry Point	User Action
1	Explorer File Properties Window	Right-click on the file in Windows Explorer → [Properties] → Select the "Security Level" tab

warning

This feature isDocuments supported by Document Security extensionsThe "Security Level" tab appears only in (Office, PDF, etc.). The tab is not displayed for unsupported files (e.g., images, text).

2. Displayed Security Level Information

When you open the "Security Level" tab, it displays the security level information applied to the document in the following 4 items.

item	meaning
Security Level ID	Identification number of the security level applied to the document
Security Level Name	Name of Security Level
Label ID	Identification number of the label applied to the document
Label Name	Label Name

The displayed grade name and label name are**Save the name as it is in the document.**It shows (no separate normalization or substitution). The protected document may take time to read the grade information, so it first displays "Loading" on the tab and then updates with the results (the property window does not stop).

3. User Screen

The screen layout of the "Security Level" tab is as follows (top logo + progress indicator + 4 rows of information).

┌─ File Properties ──────────────────────────────────┐
│ [General] [Document Security Information] [Security Level]            │
│ ┌──────────────────────────────────────────┐ │
│ │  (Document Security logo)                 │ │
│ ├─ Security Level Information ─────────────────────────┤ │
│ │  Security Level ID    : 2                      │ │
│ │  Security Level Name      : Internal Only                 │ │
│ │  Label ID         : 10                     │ │
│ │  Label Name          : General                │ │
│ └──────────────────────────────────────────┘ │
└──────────────────────────────────────────────┘

• Before the query is complete, the phrase "Querying" andProgress Baris displayed, and when the query is finished, 4 rows of information will be filled in that place (entry into the property window does not stop).
• If you cannot read the grade (grade not assigned, decryption permission not granted, agent not running, etc.), then**"Unable to retrieve"**A single phrase is displayed.
• This tab isRead-onlyThere is no route to change or assign the grade.

4. Multilingual Support

Tab title · Item label · "Loading" · "Unable to load" and other screen phrases are6 languagesis provided.

division	content
Supported Languages	Korean / English / Japanese / Chinese / German / Russian
Resource	ResUIKOR/ENG/JPN/CHN/DEU/RUS.rcof[DS365Prop]Section C/S/O Phrase Key 8 Types
Determine Display Language	The resource phrase corresponding to the system locale is displayed.
Default value (fallback) = English	If the phrase resource has not been deployed or the corresponding language key cannot be found, the English phrase will be displayed (the same behavior as the current product resource operation that passes the English default phrase along with the call).

warning

To display multilingual phrases correctly,ResUI*.rc6 types (6.0.0.34) must be distributed together with the SDK installation package. In non-distributed environments, it will be displayed in English.

5. Operation Scenario Summary Table

#	situation	Operation Result
1	The support extension document (General·DRM·MIP) is subject to classification.	"Security Level" tab display → "Loading" → Display 4 rows (Level ID · Level Name · Label ID · Label Name)
2	Support extension document but no grade assigned	"Security Level" tab display → "Not Available"
3	Protected document but no decryption permission	"Security Level" tab display → "Not Available"
4	Security365 agent is not running	"Security Level" tab display → "Not Available" (no property window freeze)
5	Unsupported file extensions (image, text, etc.)	"Security Level" tabUnmarked

The attribute window does not stop while the grade is being queried, and the results will be updated in place once the query is complete.

6. Support Scope (Extension / Document Type)

• Tab Exposure Target: Document Security supports file types (Office, PDF, etc.). The determination is based on the product registration.**Supported Extension List (Read-Only Shared Memory)**It is performed with.
• Document Type: General (Plain Text) · Company DRM · MIP documents all. Only the decryption status varies by type, and the tab operation is the same.
• Not supported: Tabs do not appear for files that are not in the supported extension list.

7. Constraints

item	content
Reason for Unavailability Not Classified	The reasons for "No Grade Assigned," "No Decryption Permission," and "Agent Not Started" are displayed with a single "Cannot Retrieve" message without distinguishing between them.
Agent Dependency	Security level inquiry is done through the Security365 agent (DS365.CoreIt depends on the pipe server. When the agent is not running, it is displayed as "Not Available" (safely handled without freezing the properties window).
Color and Normalization Names Not Applied by Grade	This feature displays the grade name as it is stored in the document, along with overlay icons and similarColor Display by Grade·Management Center Grade System Standards**Normalization Names (Confidential/Sensitive/Public)**The conversion is not included.
Exclusion of visibility by permission and policy conflict handling	The audit log for grade inquiries defined in the planning, visibility by role and department scope, and display policy conflict guidance (5 types of status) are outside the scope of this work and are areas for future development.