Chief Information Officer
IC Technical Specifications
Whitelist Guidance for ISM
Overview
This Whitelist Guidance for ISM (Whitelist.XML) provides guidance on the use of a whitelist to prevent the ingestion of unauthorized documents by testing XML Data Encoding Specification for Information Security Markings (ISM.XML) markings.
Whitelisting is the process of identifying attributes that are recognized and supported; if an attribute on a document does not exist in the whitelist configuration file, then the document will fail business rule validation. Whitelisting is preferred to blacklisting because it can protect a system against ingesting documents with new markings that could possibly result in a data spill.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- Whitelist Guidance for ISM (V2019-MAR - Standalone Package)
- Whitelist Guidance for ISM (V2019-MAR - Convenience Package)
- Whitelist Guidance for ISM (V2019-MAR - Light Package)
Mission Requirements
The IC CIO funds and oversees a number of critical enabling projects to allow interagency access control, automated exchanges, and appropriate protection of shared intelligence. Information sharing within the national intelligence enterprise will increasingly rely on information assurance metadata including information security markings, enterprise data headers, and determination of an individual's need-to-know. A successful information sharing enterprise depends on the ability of the data creator and/or providers to specify the means by which need-to-know can be established in a manner to facilitate discovery and access via automated means.
This document provides general and prescriptive guidance for the use of whitelisting to validate that a system is authorized to handle ISM.XML markings on a given XML document.