Security labels convey information used by protocol entities to determine how to handle data communicated between open systems. Information on a security label can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.
This standard defines a security label syntax for information exchanged over data networks and provides label encodings for use at the Application and Network Layers. The syntactic constructs defined in this standard are intended to be used along with semantics provided by the authority establishing the security policy for the protection of the information exchanged.
The label presented here defines security tags that may be combined into tag sets to carry security-related information. Five basic security tag types allow security information to be represented as bit maps, attribute enumerations, attribute range selections, hierarchical security levels, or as user-defined data. Because of inherent differences in layer functionality, the security label defined in this document is expressed both as an abstract label syntax specification for the OSI Application Layer and an encoding optimized for use at the Network Layer.