When data is exchanged between information systems, security attributes must be associated with this data. Security attributes are an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information, typically associated with internal data structures (e.g., records, buffers, files) within the information system, and used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy. Applying this control assures security attributes may be explicitly or implicitly associated with the information contained within the information system to support correct handling of the data according to its classification. |