What Is Classified Information Marking?
Classified information marking refers to the process of categorizing data based on its sensitivity, value, or importance. It involves labeling or tagging data with specific levels of classification, such as "confidential", "secret", or "top secret" to indicate the level of protection and access control required. This is crucial to ensure the protection of highly sensitive and classified information, for example related to national security.
Classified information marking enables efficient information management, secure collaboration, compliance with legal requirements, and enhances operational effectiveness, ultimately safeguarding national interests and maintaining the confidentiality and integrity of critical data.
Note that data control is one of 7 key pillars of United States Department of Defense (DoD) Zero Trust (ZT) strategy; within that, information labelling and tagging are key capabilities.
What Is It Used For?
In the context of the government or the military, who deal with a vast amount of sensitive and classified information, including national security strategies, weapon systems, intelligence reports, and operational plans, data marking helps in implementing appropriate security measures to protect this information from unauthorized access, disclosure, or tampering.
Different levels of classification ensure that only authorized personnel have access to specific data. By clearly defining access permissions, information marking helps in maintaining confidentiality, integrity, and availability of military information, preventing potential leaks or espionage. The military typically uses a hierarchical classification system to designate the sensitivity levels of information, including top secret, secret, confidential, or unclassified, each sensitivity level corresponding to different security requirements and access controls.
Although not all information holds the same level of importance or urgency, by classifying information, the military can prioritize its resources, efforts, and defensive measures based on the classification levels. It allows them to allocate resources effectively and focus on protecting the most critical and sensitive information.
But there definitely are some challenges with successfully implementing data marking:
Accurately determine sensitivity level of information and assign appropriate classifications through proper end-user training and education.
Integration with existing on-premises and/or cloud-based messaging platforms, including back-end servers on one side, and end-user mobile or desktop email clients or productivity suite on the other.
Provide a central management location from where all classifications can be configured and enforced for all employees, on all endpoints, at a global level.
Provide continuous monitoring and reporting about how often end-users mark their emails and documents, which markings they use and from what type of email client or applications.
Ensure compliance with existing data protection regulations.
Use corporate email policies to prevent employees from sending emails to unauthorized recipients (though this does not actively prevent them from doing it, intentionally or unintentionally).
What is ISEC7 Classify?
Document and Data Management Platform
ISEC7 Classify is an easy-to-use platform that enables employees to correctly mark and disseminate sensitive emails and documents, in accordance with data sensitivity requirements, while using their preferred email client or productivity application on any device – mobile or desktop – with little to no configuration. It ensures sensitive information is not sent where it is not intended to go.
ISEC7 Classify is an easy to deploy solution, available as an Azure Platform-as-a-Service (PaaS) application, with a lightweight footprint for end-users as available as an office plug-in, providing a consistent experience on any Microsoft Office application regardless of whether it is a thick or thin client and capability extends to mobile devices as well.
Enforced document marking for email and office products.
Common management and enforcement of classifications for – Mobile email (ISEC7 MED) – Microsoft Office (Desktop and Online)
Verification of need to know and clearance level.
Centralized management for classification markings
Azure Platform-as-a-Service (PaaS) application
Microsoft Office Add-In
Supported Clients and Applications
ISEC7 Classify fully integrates with Microsoft Outlook, Microsoft Outlook Web email clients as well as ISEC7 Mobile Exchange Delegate (MED), our own PIM client, which provides the same functionality as Microsoft Outlook desktop client but from an Android or Apple iOS mobile device.
Next, we plan to extend that support to Microsoft Office Web and desktop apps, including Microsoft Word, Microsoft Excel, and Microsoft PowerPoint.
Integration with Other Solutions
As part of the ISEC7 digital workplace ecosystem, ISEC7 Classify can integrate with ISEC7 Sphere, our vendor-agnostic management and monitoring solution, enabling organizations to monitor and manage their entire Digital Workplace & Mobile infrastructure and network.
ISEC7 Sphere will not only allow to manage and deploy classifications centrally, from its single pane of glass console, but also receive and display statistical information for every single employee using ISEC7 Classify, either from Microsoft Outlook Web, desktop, or ISEC7 MED client from their mobile device, including “last activity” and well as classification details. This allows organizations to maintain an auditable repository where emails/documents with sensitive information have been sent.
Data Sensitivity Regulations
There are numerous regulations that organizations both govt and commercial need to follow related to sensitive national security, personally identifiable and private information must be handled.
ISEC7 Classify helps organizations comply, straight out of the box, with the following data classification regulations:
Intelligence Community Directive 710 – Classification Management and Control Markings System
Controlled Unclassified Information
Executive Order 13526
DHS MD 11042 Safeguarding Sensitive but Unclassified Information
General Data Protection Regulation
California Consumer Privacy Act
Healthcare Insurance Portability Act
International Traffic in Arms
Germany Security Screening Act
UK Official Secrets Act
“DLP vs. Classify”
While ISEC7 Classify and Data Loss Prevention (DLP) might seem to have the same goal, that is to protect data from falling into the wrong hands, they take different, yet complementary approaches.
DLP solutions are used to protect sensitive data from unauthorized access, loss, or theft, by monitoring and analyzing data in motion, at rest, or in use to prevent data exfiltration by any means (e.g., email, USB drive, web upload). It provides incident response capabilities to ensure data security and compliance.
ISEC7 Classify prevents data, in the form of emails or documents, to get to the wrong recipients, by enforcing classification of said information, based on the clearance level of both the send, and the receiver(s). Also, every classified email and/or document will be audited from a central location, to monitor who is sending what type of classified information to whom.
Here are some use cases where ISEC7 Classify can help agencies with their data classification and marking requirements:
Government agency must ensure all classified emails and attachments are limited to whom and where they are supposed to go.
ISEC7 Classify comes out of the box with DOD mandated markings pre-configured and can also be customized to meet any agency specific needs. When used in conjunction with ISEC7 Sphere, ISEC7 Classify creates an auditable record of what was marked and where it was sent that can be used for reporting purposes.
Mobile and Messaging Operations Management is concerned with end-user computing (EUC), Microsoft 365 user experience, and software maintenance.
ISEC7 Classify is a low maintenance, easy to deploy application through Azure and is available as a plug in to Microsoft Office applications. Administrators can provide a simple user interface to employees.
Healthcare organization must ensure HIPPA compliance when sending emails with patient details and ensure they are only shared with in-network providers.
Similar to DOD classification markings, ISEC7 Classify can be configured with PII/PHI markings for healthcare providers communication patient information.
Microsoft 365 Enterprise user wants to ensure they follow classification regulations.
ISEC7 Classify was designed to be used in conjunction with Microsoft 365 suite of products integrating seamlessly. ISEC7 Classify provides a template to end users that pre-defined classification markings that gives them the same easy user experience regardless of the application or device that its used on.
Legal team is concerned with proper records management, eDiscovery, document management.
Legal teams can use ISEC7 Classify to identify documents that are confidential and privileged and maintain an auditable record of where information was sent.
Government employee needs to send email containing classified material.
With ISEC7 Classify, emails with sensitive or classified data are prevented from being sent to non-privileged users. Ensure that overall email classification matches the body of the email and attachments and recipients match dissemination controls.
Agency wants to create privileged material.
With ISEC7 Classify, users can create documentation and mark the material with the appropriate marking at creation. Within any Office application, users are given a template to populate markings that meet DOD requirements.
Data marking plays a vital role in safeguarding sensitive military information, managing risks, prioritizing resources, and enabling effective collaboration. It is a critical aspect of maintaining national security and ensuring the confidentiality, integrity, and availability of sensitive military data. With ISEC7 Classify, employees can correctly mark and disseminate sensitive emails and documents in accordance with data sensitivity requirements and ensure that sensitive information is not sent where it is not intended to go. An added bonus is that ISEC7 Classify is easy to deploy, and employees can utilize it while using their preferred email client or productivity application on any device – mobile or desktop – with little to no configuration. We would be happy to answer any questions you may have about ISEC7 Classify and implementing this solution for your agency. Please feel free to contact us if you have any questions or would like a demonstration.