Use of security labels is standard practice for handling information in high-security environments. Documents are marked with a label, such as "Secret," and access to information is controlled by an equivalent security clearance. Security labels for online information generally use ESS (Enhanced Security Services for S/MIME - RFC 2634), which is based on the X.411 specification. Compatible security clearances are defined in X.501.
An ESS security label comprises:
- Policy. This identifies the policy controlling the security label (e.g., NATO).
- Classification. This is an extensible definition of the label classification (e.g., "Restricted").
- Privacy Mark. A text description, typically used when printing the security label.
- Categories. An extensible mechanism to provide additional information within the label, typically to restrict its scope (e.g., to a specific class of information).
A security clearance covers a set of classifications and associated categories. A security clearance is usually referred to as the highest of the classifications included in the clearance. However, it is important to remember that a security label has a single value, whereas a security clearance is a set of values against which a security label is matched.
... Steve Kille