Frequently Asked Questions - janusSEAL Schema
Security classifications are the terms used to classify (categorise) information according to its sensitivity or criticality to a business, organisation or entity. They tend to be broad categorisations, for example PUBLIC as opposed to CONFIDENTIAL information.
Qualifiers add a finer level of detail to one or more security classifications without necessarily changing the broader sensitivity of the information. The qualifier provides some additional detail about a subject area of the information that may be relevant to the sender, recipient or an IT system. For example, a qualifier may be COMPANY when the information relates to the COMPANY. In the context of protective markings, a qualifier is not valid on its own; it is bound to one or more security classifications via qualifier associations.
Qualifier associations are used to bind a qualifier to one or more security classifications. Hence the security classification may have an additional level of qualifying information about it, in the form of a qualifier. Going back to our examples, an organisation may choose to bind the qualifier COMPANY to the security classification CONFIDENTIAL. When using a janusSEAL product, the end-user could then select a marking of just CONFIDENTIAL, or they could also indicate that it is CONFIDENTIAL information about the company and mark it CONFIDENTIAL:COMPANY (by selecting CONFIDENTIAL plus the qualifier COMPANY). The associations define which qualifiers are bound to which security classifications.
Whether this additional qualifier information is used by IT systems to enhance DLP rules is up to the organisation. We have seen some that would just adopt the simple rule 'do not let out any CONFIDENTIAL information via clear-text Internet email' whereas others might say 'let out CONFIDENTIAL information via Internet email unless it is CONFIDENTIAL:COMPANY information'.
Qualifiers are definitely needed in the gov.au security classification schema, which has the IN-CONFIDENCE security classification. It can have any number of optional qualifiers such as COMMERCIAL-IN-CONFIDENCE, LEGAL-IN-CONFIDENCE, STAFF-IN-CONFIDENCE and so on. These all have the same broad sensitivity, but the qualifier is used to convey more detail about the subject matter and could be used for fine adjustments in DLP-like rule-sets.
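The following added example (not janusSEAL code, and not the janusSEAL schema format) shows how a mail gateway could validate a marking against the qualifier associations and then apply either of the two DLP rules quoted above. The data structures, function names and the fail-closed handling of invalid markings are assumptions made for illustration.

```python
# Added example: hypothetical data model, not the janusSEAL schema format.
CLASSIFICATIONS = {"PUBLIC", "CONFIDENTIAL"}
# Qualifier associations: qualifier -> classifications it is bound to.
ASSOCIATIONS = {"COMPANY": {"CONFIDENTIAL"}}


def parse_marking(marking):
    """Split 'CLASSIFICATION[:QUALIFIER]' and validate it against the associations."""
    classification, sep, qualifier = marking.strip().upper().partition(":")
    if classification not in CLASSIFICATIONS:
        # Also rejects a bare qualifier such as 'COMPANY' used on its own.
        raise ValueError(f"unknown security classification: {classification!r}")
    if not sep:
        return classification, None
    # A qualifier is only valid when it is bound to this classification.
    if classification not in ASSOCIATIONS.get(qualifier, set()):
        raise ValueError(f"qualifier {qualifier!r} is not associated with {classification}")
    return classification, qualifier


def simple_rule(classification, qualifier):
    """'Do not let out any CONFIDENTIAL information via clear-text Internet email.'"""
    return classification != "CONFIDENTIAL"


def qualified_rule(classification, qualifier):
    """'Let out CONFIDENTIAL information unless it is CONFIDENTIAL:COMPANY.'"""
    return (classification, qualifier) != ("CONFIDENTIAL", "COMPANY")


def may_send(marking, rule):
    """Return True if the rule releases the message.

    Assumption of this example: an invalid marking fails closed (is held).
    """
    try:
        return rule(*parse_marking(marking))
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample markings.
    for m in ("PUBLIC", "CONFIDENTIAL", "CONFIDENTIAL:COMPANY", "PUBLIC:COMPANY"):
        print(m, may_send(m, simple_rule), may_send(m, qualified_rule))
```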
Caveats are related to concepts in military messaging and are another means to convey finer-grained detail about the context or nature of certain information. Commercial organisations would have little need to use caveats. janusSEAL products have limited support for them.
