ECML-1

ECML-1 Marking and Labeling

Overview

Information and DoD information systems that store, process, transit, or display data in any form or format that is not approved for public release comply with all requirements for marking and labeling contained in policy and guidance documents such as DoD 5200.1R. Markings and labels clearly reflect the classification or sensitivity level, if applicable, and any special dissemination, handling, or distribution instructions.

MAC / CONF	Impact	Subject Area
CLASSIFIED SENSITIVE	High	Enclave Computing Environment

Details

Threat
Without proper markings and labels, classified and/or sensitive information could not be handled properly. This could result in unauthorized disclosure, modification, or destruction of data. This implementation guide is aimed to help information owners implement proper markings and labels that reflect the classification or sensitivity level of information.

Guidance
1. The information owner shall identify and determine if the system stores, processes, transits, or displays data in any form or format, which is not approved for public release. 2. If the system has data not approved for public release, the information owner shall perform the following prior to marking classification levels in accordance with DoD 5200.1R: a. Determine the overall classification of the document. b. Identify specific classified information and its level of classification within the document c. Identify information that should be included in the marking and labeling process d. Determine the type of standard markings and labeling format that is specified in DoD 5200.1R and/or organization’s classification labeling guide. e. Determine the specific pages where markings are displayed (e.g., front page, outside of back cover) f. Apply the labels and markings on the classified and sensitive documents as determined.

Guidance

1. The information owner shall identify and determine if the system stores, processes, transits, or displays data in any form or format, which is not approved for public release.
2. If the system has data not approved for public release, the information owner shall perform the following prior to marking classification levels in accordance with DoD 5200.1R:
  a. Determine the overall classification of the document.
  b. Identify specific classified information and its level of classification within the document
  c. Identify information that should be included in the marking and labeling process
  d. Determine the type of standard markings and labeling format that is specified in DoD 5200.1R and/or organization’s classification labeling guide.
  e. Determine the specific pages where markings are displayed (e.g., front page, outside of back cover)
  f. Apply the labels and markings on the classified and sensitive documents as determined.

References

DoD 5200.1R, Information Security Program, Chapter 5, Marking, January 1997
CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
Organizations’ labeling and marking policies and/or guidelines