Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

national security community standard info security marking metadata by 01ySz72V

VIEWS: 0 PAGES: 5

									                                             UNCLASSIFIED




                    NATIONAL SECURITY COMMUNITY STANDARD FOR
                     INFORMATION SECURITY MARKING METADATA

    A. PURPOSE: This National Security Community (NSC) Standard for Information Security
       Marking Metadata shall be applied to information products, information standards, content
       management, service transactions, and discovery applications where information security
       marking metadata are required. Information products (or resources) include, but are not
       limited to, text, databases, imagery, audio and video media, and other digital forms of
       content.

        1. This standard supports a uniform system for classifying, safeguarding, and declassifying
           national security information across national security disciplines, networks, services, and
           data.

        2. This standard was developed to enable important advances designed to simultaneously
           improve and simplify the marking and handling of information at both the information
           product and portion-levels across the full range of security classifications.

        3. The three primary information security marking metadata elements (Resource Security
           Mark, Resource Classification Declassification Mark, and Portion Security Mark)
           defined herein are at an abstract or conceptual level from which implementation profiles
           can be derived. The parts of a security marking are defined herein as conceptual element
           refinements. These conceptual elements and refinements shall apply to information
           products within the NSC and shall be applied according to the directions contained in
           NSC policy guidance and implementation profiles.


B. DISCUSSION: This standard uses the notions of conceptual elements and element refinements
   as defined by the Dublin Core Metadata Initiative (DCMI). DCMI element refinements qualify
   or further refine another element. These markings are applied to many kinds of content at
   varying degrees of granularity. For example, these markings are applied to publications, emails,
   web pages, database records, images, web service transactions, as well as to portions of content
   throughout these products. In addition to applying DCMI approaches, this standard reflects
   extensive standards work ongoing within the NSC and other Australian Government
   organisations such as the Department of Defence. The conceptual elements defined herein serve
   as the foundation for supporting mission- and business-specific data interoperability. They
   should be used in conjunction with companion implementation profiles that contain the
   semantic and functional details needed to guide users and software developers.


C. IMPLEMENTATION PROFILES:                The conceptual elements defined herein are
    expanded, refined, modelled, and implemented as physical tagging structures found in
    implementation profiles. Implementation profiles define the tagging elements (i.e.

NSC Standard for Information Security Marking Metadata v1.0 dated 2 September 2010          Page 1 of 5
Based on the US standard ICS2008-500-7
                                             UNCLASSIFIED
                                             UNCLASSIFIED


    markup), element structures, element relationships, cardinality requirements, and
    permissible values for populating the elements (e.g., string, date, or a controlled
    vocabulary).

    1. Implementation profiles are unique to specific file formats (e.g., XML, HTML, and
       Microsoft Word) and/or processing system. Requirements unique to specific mission and
       business interests can be accommodated by adding data elements or prescribing business
       rules consistent with NSC policy guidance for information standards governance.

    2. Implementation profiles are represented by a series of documents and digital artefacts.
       These profile artefacts include taxonomies, controlled vocabularies, conceptual data models,
       data element dictionaries, validation and constraint rules, transformations and mappings,
       schemas, and developer’s guidance


D. CONCEPTUAL ELEMENT SET: The standard is based on three primary conceptual
   elements: the overall security marking of an information product, the
   classification/declassification instructions of a product, and the portion markings within that
   product.
 Conceptual
                       Definition
 Element
 Resource Security The overall security classification and security handling instructions carried
 Mark                  by the resource.

                        These values are prominently presented, in the case of publications, at the top
                        and bottom of every page and in other specified locations.

 Resource               Classification information and declassification instructions associated with a
 Classification         classified resource based on either an original or derivative classification
 Declassification       decision(s).
 Mark
                        These values are prominently presented with specific labels and formatting at
                        the bottom of the first page and in other specified locations.

 Portion Security       The security classification carried by an individual portion or block of
 Mark                   narrative or media, such as a title, paragraph, table, list, media, or caption.

                        These values are prominently presented at the beginning of the respective
                        portion, are enclosed in parentheses, and utilise the same separators as the
                        overall classification markings of the information resource.



E. CONCEPTUAL ELEMENT REFINEMENTS: The list of conceptual element refinements
   specifies the second level of detail associated with security markings. The definitions provide
   qualifiers, usage, and encoding schemes where applicable. Additionally, a number of the
   element definitions imply a controlled vocabulary for the respective element values. Controlled
   vocabularies are formalised in the implementation profiles.



NSC Standard for Information Security Marking Metadata v1.0 dated 2 September 2010               Page 2 of 5
Based on the US standard ICS2008-500-7
                                             UNCLASSIFIED
                                             UNCLASSIFIED


 Conceptual
 Element                Definition
 Refinements
 Classification         A single indicator of the highest level of classification applicable to an
                        information resource or portion within the domain of classified national
                        security information. The Classification element is always used in
                        conjunction with the Owner Producer element. Taken together, the two
                        elements specify the classification category and the type of classification
                        (US, non-US, or Joint).
 Classification         One or more reason indicators or explanatory text describing the basis for an
 Reason                 original classification decision.

 Classified By          The identity, by name or personal identifier, and position title of the original
                        classification authority for a resource.

 Date Of Exempted       A specific year, month, and day of publication or release of a source
 Source                 document, or the most recent source document, that was itself marked with a
                        declassification constraint. This element is always used in conjunction with
                        the Type Of Exempted Source element.

 Declassification       A specific year, month, and day upon which the information shall be
 Date                   automatically declassified if not properly exempted from automatic
                        declassification.

 Declassification       A description of an event upon which the information shall be automatically
 Event                  declassified if not properly exempted from automatic declassification.

 Declassification       A single indicator describing an exemption to automatic declassification.
 Exemption              This element is used in conjunction with the Declassification Date or
                        Declassification Event.

 Declassification       A single indicator of a requirement for manual review prior to
 Manual Review          declassification, over and above the usual programmatic determinations.
 (deprecated)           The ability to indicate manual review was rescinded as of 1 February 2008
                        with complete removal from automated systems required by 31 March 2009
                        at which time this element will be removed from this ICS.

 Derivatively           The identity, by name or personal identifier, of the derivative classification
 Classified By          authority.

 Derived From           A citation of the authoritative source or reference to multiple sources of the
                        classification markings used in a classified resource.

 Dissemination          One or more indicators identifying the expansion or limitation on the
 Controls               distribution of information.




NSC Standard for Information Security Marking Metadata v1.0 dated 2 September 2010             Page 3 of 5
Based on the US standard ICS2008-500-7
                                             UNCLASSIFIED
                                             UNCLASSIFIED


 Conceptual
 Element                Definition
 Refinements
 FGI Source Open        One or more indicators identifying information which qualifies as foreign
                        government information for which the source(s) of the information is not
                        concealed.

 FGI Source             A single indicator that information qualifies as foreign government
 Protected              information for which the source(s) of the information must be concealed.

                        Within protected internal organisational spaces this element may be used to
                        maintain a record of the one or more indicators identifying information
                        which qualifies as foreign government information for which the source(s)
                        of the information must be concealed. Measures must be taken prior to
                        dissemination of the information to conceal the source(s) of the foreign
                        government information.

 Non-Intelligence       One or more indicators of the expansion or limitation on the distribution of
 Community              an information resource or portion within the domain of information
 Markings               originating from non-intelligence components.

 Owner Producer         One or more indicators identifying the national government or international
                        organisation that have purview over the classification marking of an
                        information resource or portion therein. This element is always used in
                        conjunction with the Classification element. Taken together, the two
                        elements specify the classification category and the type of classification
                        (US, non-US, or Joint).

                        Within protected internal organisational spaces this element may include
                        one or more indicators identifying information which qualifies as foreign
                        government information for which the source(s) of the information must be
                        concealed. Measures must be taken prior to dissemination of the information
                        to conceal the source(s) of the foreign government information.

 Releasable To          One or more indicators identifying the country or countries and/or
                        international organisation(s) to which classified information may be released
                        based on the determination of an originator in accordance with established
                        foreign disclosure procedures. This element is used in conjunction with the
                        Dissemination Controls element.

 Special-Access-        One or more indicators identifying the defence or intelligence programs for
 Required Program       which special access is required.
 Identifier
 SCI Controls           One or more indicators identifying sensitive compartmented information
                        control system(s).




NSC Standard for Information Security Marking Metadata v1.0 dated 2 September 2010           Page 4 of 5
Based on the US standard ICS2008-500-7
                                             UNCLASSIFIED
                                             UNCLASSIFIED


 Conceptual
 Element                Definition
 Refinements
 Type Of                A declassification marking of a source document that causes the current,
 Exempted Source        derivative document to be exempted from automatic declassification. This
                        element is always used in conjunction with the Date Of Exempted Source
                        element.



F. EFFECTIVE DATE: This standard becomes effective on the date of signature.


Signature Block
Date




NSC Standard for Information Security Marking Metadata v1.0 dated 2 September 2010        Page 5 of 5
Based on the US standard ICS2008-500-7
                                             UNCLASSIFIED

								
To top