Login  ·  Register

 
 

Security / Privacy Marking Schemes. Sources?

Posted: 05 September 2011 03:34 PM   [ Ignore ]
Administrator
Avatar
RankRankRank
Total Posts:  52
Joined  2009-12-04

Anyone know of standards or normative documents that define security or privacy marking schemes? These need not just be government or defence-like.

Profile
 
 
Posted: 07 September 2011 12:40 PM   [ Ignore ]   [ # 1 ]
Administrator
Avatar
RankRankRank
Total Posts:  52
Joined  2009-12-04

Protective Markings/ Security Descriptor attributes.

These are intended to allow a privacy marking to be attached to each architecture description element. The attributes of Architecture Description Element that form part of this scheme are:

* pm_MarkingOwner (text).  The owner of the protective marking who has the authority to sanction release or lower the protective marking classification. It is used in conjunction with the protective marking, usually as the prefix e.g. NHS PROTECT, TFL CONFIDENTIAL, or as a national authority - UK RESTRICTED.
* pm_Marking (text, enumeration).  An enumerated list - used to indicate the severity or impact of the loss of the item so marked. In the UK it takes the values - ‘Not Protectively Marked’, ‘Protect’, ‘Restricted’, ‘Confidential’, ‘Secret’, ‘Top Secret’ and may be further qualified through ownership, natiionality caveat, descriptor and codeword. Each country will have its own set of enumerated values.
pm_Descriptor (text, enumeration).  A qualifier used with the protective marking to denote the type of information, sensitivity or need to protect e.g. Personal. Commercial. i.e. combination might be PROTECT - PERSONAL
* pm_Codeword (text).  A codeword is another mechanism to limit distribution - only those with the need to know and the codeword have access to the element
* pm_NationalCaveat (text).  A restriction of the audience who can see the element by nationality e.g. UK EYES ONLY would restrict the potential audience to UK nationals. This is not the same as the protective marking owner i.e. UK PROTECT does not restrict the audience and therefore the combination would be for example UK EYES ONLY, UK PROTECT

The combination of the attributes produces a privacy marking:
* [pm_NationalCaveat, ] pm_MarkingOwner + pm_Marking + pm_Descriptor

Profile
 
 
   
 
 


RSS 2.0     Atom Feed

© 2010 Eclectica Systems Ltd.