Whitelist Guidance for ISM

Whitelist Guidance for ISM

Chief Information Officer

IC Technical Specifications

Whitelist Guidance for ISM


This Whitelist Guidance for ISM (Whitelist.XML) provides guidance on the use of a whitelist to prevent the ingestion of unauthorized documents by testing XML Data Encoding Specification for Information Security Markings (ISM.XML) markings.


Whitelisting is the process of identifying attributes that are recognized and supported; if an attribute on a document does not exist in the whitelist configuration file, then the document will fail business rule validation. Whitelisting is preferred to blacklisting because it can protect a system against ingesting documents with new markings that could possibly result in a data spill.


This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).


Technical Specification Downloads


Latest Approved Public Release:


Mission Requirements


The IC CIO funds and oversees a number of critical enabling projects to allow interagency access control, automated exchanges, and appropriate protection of shared intelligence. Information sharing within the national intelligence enterprise will increasingly rely on information assurance metadata including information security markings, enterprise data headers, and determination of an individual's need-to-know. A successful information sharing enterprise depends on the ability of the data creator and/or providers to specify the means by which need-to-know can be established in a manner to facilitate discovery and access via automated means.


This document provides general and prescriptive guidance for the use of whitelisting to validate that a system is authorized to handle ISM.XML markings on a given XML document.