Information Security Marking Metadata

Information Security Marking Metadata

Chief Information Officer

IC Technical Specifications

Information Security Marking Metadata

Data Encoding Specifications for Information Security Marking Metadata


This IC enterprise data encoding specification defines XML elements and attributes, associated structures and relationships, mandatory and cardinality requirements, permissible values, and constraint rules for representing electronic information security markings.

This standard supports Executive Order (EO) 13526, Classified National Security Information which “prescribes a uniform system for classifying, safeguarding, and declassifying national security information”, across national security disciplines, networks, services, and data.

This standard is a critical technical bridge between:

  • Security marking requirements defined by the National Archives and Records Administration (NARA)/Information Security Oversight Office (ISOO),

  • IC security markings register maintained by the Office of the Director of National Intelligence (ODNI)/Controlled Access Program Coordination Office (CAPCO), and

  • Information technology solutions that implement structured security marking metadata.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

This specification changed names and numeric designators multiple times since its inception in the late 1990's. Each version listed below supersedes the previous version.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).

Data Encoding Specification Downloads

Current Version:

Mission Requirements

Information sharing within the national intelligence enterprise will increasingly rely on information assurance metadata (including information security markings) to allow interagency access control, automated exchanges, and appropriate protection of shared intelligence when necessary.

A structured, verifiable representation of security marking metadata bound to the intelligence data is required in order for the enterprise to become inherently “smarter” about the information flowing in and around it. Such a representation, when implemented with other data formats, improved user interfaces, and data processing utilities, can provide part of a larger, robust information assurance infrastructure capable of automating some of the management and exchange decisions today being performed by human beings.

Throughout the intelligence life cycle, the enterprise needs:

  • User interfaces and processing logic that helps users and services to reliably assign and manipulate information security markings at the portion and document level.
  • Automated rendering of electronic portion markings, security banners, classification authority blocks, and other security control markings in accordance with the IC's classification and control marking system and associated executive orders, statutes, and DNI policies.
  • Marking validation to ensure controlled values and business rules are followed.
  • Cross-domain discovery, access, and dissemination capabilities based on access policy logic that leverages electronic security markings along with other key metadata about users, services, clearances, and access environments.