Security Labels and Classification

A recent Ferris report, The Central Role of Classification for Compliance and Content Control, described document classification.

Security labels (see backgrounder [Security Labels here]) provide a mechanism for document and information classification. Security labels are often used in environments where document classification is mandatory, and access according to this classification will be enforced.

The key benefits of security labels come when there is a requirement to enforce access. If classification is for informational or advisory purposes only, a simpler scheme is likely to make more sense.

Security labels provide a number of advantages where enforcement is required:

  • A well-understood framework for managing and enforcing access.
  • Standardized online representation of labels in ESS (Enhanced Security Services for S/MIME - RFC 2634).
  • Labels can be bound to documents or email using X.509 digital signatures.
  • Associated clearances can be bound to users in an X.509 digital certificate. In conjunction with the previous point, this provides important security capabilities.

Where enforcement of access is needed, security labels are a good classification mechanism.

... Steve Kille

Post a comment

You must be logged in to post a comment. To comment, first join our community.