2.3: Data-Level Tagging
Promote Data-Level Tagging Other Information:
Most information authorization models are limited to access controls defined and enforced at the network or application-level,
rather than at the data-level using inherent characteristics of specific information resources. As networks are consolidated
and shared services are adopted, access controls must be applied on the data itself, using "tags." Information tagging is
an approach where standard attributes — tags — are attached to a piece of information to describe it. While manual discovery
and access capabilities benefit from information tagging by guiding users directly to specific information based on their
profile, it also can enable automated enforcement of access decisions based on mission-relevance. By matching the user attributes
with corresponding information attributes, the automated delivery of mission-specific information is improved along with the
security and protection of that information from inappropriate recipients. Information tagging further assists in meeting
records management requirements, responding to disclosure inquiries, integrating privacy protections, and remediating erroneous
data disclosures and modifications.
Indicator(s):
|
