Standardizing the Data Dialogue: Defining Data Tagging Standards for Zero Trust (Activity 4.2.1)
We’ve begun the foundational work of understanding our data through initial analysis and by defining the “algorithms” or methodologies for data mapping and tagging (Activity 4.1.1). However, for these efforts to truly scale and enable consistent data protection policies across a vast enterprise, our data needs to speak a common language of sensitivity and context. This brings us to Zero Trust Activity 4.2.1: Define Data Tagging Standards.
This activity is a critical governance and policy initiative that establishes the universal vocabulary for data across the DoD Enterprise. It mandates that the DoD Enterprise, collaborating with Components, establish a data tagging and classification standard for identifying Zero Trust (ZT) labels, based on industry best practices. This standard goes beyond just defining what sensitive data is; it prescribes how that data should be labeled and categorized consistently. These classifications are then agreed upon and implemented in processes. A key aspect is that tags are identified as manual and automated for future application, acknowledging different methods of classification.
This activity is vital because you cannot enforce granular, data-centric Zero Trust policies if every component uses its own unique definitions for “confidential” or “PII.” This standardization ensures interoperability and consistent enforcement of data protection.
The outcomes for Activity 4.2.1 highlight the establishment of this critical standardization:
- Enterprise establishes the standard pattern for control vocabulary and how it is managed.
- Components align to Enterprise standards and begin implementation.
- Components implement data tagging and labeling standards.
The ultimate end state underscores the strategic impact: The data dictionary and structure are developed at a broader DoD Enterprise level. ZT specific data attributes are defined in alignment with the Enterprise data dictionary and structure. This creates a unified understanding of data across the entire organization.
Solutions for Defining Data Tagging Standards
Implementing Activity 4.2.1 is an effort to create and enforce a universal data language, supported by tools that manage and facilitate this standardization.
- Establishing the Enterprise Data Tagging and Classification Standard:
  - Process: The Enterprise, in close collaboration with Component data owners, security teams, and legal/compliance, defines the official data tagging and classification standard. This includes:
    - Control Vocabulary: Defining the precise, agreed-upon terms for classification levels (e.g., “Public,” “Internal,” “Confidential,” “Secret”), data types (e.g., “PII,” “PHI,” “Financial,” “Intellectual Property”), and associated handling requirements. This becomes the “standard pattern for control vocabulary.”
    - Hierarchical Structure: How classifications are organized (e.g., Public < Internal < Confidential).
    - Tagging Mechanics: How tags are applied (e.g., metadata fields, embedded labels, external attribute stores).
    - Lifecycle: How classifications are reviewed and updated over time.
  - Basis: This standard should be based on industry best practices (e.g., NIST data classification guidelines, ISO 27001, GDPR, HIPAA principles) and tailored to DoD-specific needs.
  - Policy Integration: Integrate this standard into enterprise policies (e.g., within your overall Zero Trust policy framework from Activity 6.1.1).
- Identifying Manual and Automated Tagging Processes:
  - Process: As part of defining the standard, identify which types of data tagging will be performed manually (e.g., sensitive documents created by users) and which will be automated (e.g., bulk scanning of repositories, ML-driven classification of new data streams). This informs future technology procurement and process design.
- Component Alignment and Implementation:
  - Process: Components align their existing data classification practices with the newly established enterprise standard. This involves reviewing local classifications, mapping them to the enterprise control vocabulary, and developing plans to migrate data and processes to the new standard.
  - Implementation: Components implement the data tagging and labeling standards, which means applying the agreed-upon classifications to their data, either manually or through automated means.
- Developing the Enterprise Data Dictionary and Structure:
  - Process: Work towards creating a centralized enterprise data dictionary that formally defines all data assets, their types, and their associated ZT-specific data attributes (including classification levels, ownership, location, purpose). This dictionary serves as the authoritative reference for all data within the DoD.
  - Integration: Ensure this data dictionary is aligned with and potentially managed within an enterprise data catalog or CMDB.
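The solution steps above (control vocabulary, hierarchy, tagging mechanics, lifecycle, manual versus automated tagging, Component crosswalk, and data dictionary entries) can be made concrete as a small executable model. The following is an added example written for this page; it is not code from the original post, from Trellix, or from any DoD standard. The vocabulary terms, handling rules, review interval, Component crosswalk, and sample assets are all constructed for illustration.

```python
"""Added example: a minimal executable model of an enterprise data tagging
standard as described in Activity 4.2.1. All vocabulary terms, crosswalk
entries, and sample assets below are constructed, not DoD values."""
from dataclasses import dataclass, field
from datetime import date

# Control vocabulary: ordered classification levels (lowest to highest),
# the permitted data-type terms, and the handling requirement per level.
CLASSIFICATION_LEVELS = ["Public", "Internal", "Confidential", "Secret"]
DATA_TYPES = {"PII", "PHI", "Financial", "Intellectual Property"}
HANDLING = {
    "Public": "no restriction",
    "Internal": "authenticated users only",
    "Confidential": "need-to-know; encrypt at rest and in transit",
    "Secret": "need-to-know; encrypt; no external transfer",
}
TAG_METHODS = {"manual", "automated"}
REVIEW_INTERVAL_DAYS = 365  # lifecycle: re-review classifications yearly (constructed)


@dataclass
class ZTTag:
    """ZT label carried on an asset as metadata fields (tagging mechanics)."""
    level: str
    data_types: set = field(default_factory=set)
    method: str = "manual"            # "manual" or "automated"
    reviewed_on: str = "2025-01-01"   # ISO date; constructed sample value


def validate_tag(tag: ZTTag) -> list:
    """Return a list of standard violations; an empty list means conforming."""
    problems = []
    if tag.level not in CLASSIFICATION_LEVELS:
        problems.append(f"unknown classification level {tag.level!r}")
    unknown = tag.data_types - DATA_TYPES
    if unknown:
        problems.append(f"unknown data types {sorted(unknown)}")
    if tag.method not in TAG_METHODS:
        problems.append(f"unknown tagging method {tag.method!r}")
    return problems


def dominates(level_a: str, level_b: str) -> bool:
    """Hierarchy check: True if level_a is at least as sensitive as level_b."""
    return CLASSIFICATION_LEVELS.index(level_a) >= CLASSIFICATION_LEVELS.index(level_b)


def needs_review(tag: ZTTag, today: str) -> bool:
    """Lifecycle check: the classification is older than the review interval."""
    age = date.fromisoformat(today) - date.fromisoformat(tag.reviewed_on)
    return age.days > REVIEW_INTERVAL_DAYS


# Component alignment: a constructed crosswalk from one Component's legacy
# labels to the enterprise control vocabulary. Unmapped labels are surfaced
# rather than silently defaulted, so migration gaps stay visible.
COMPONENT_CROSSWALK = {
    "Unclassified": "Public",
    "FOUO": "Internal",
    "Sensitive": "Confidential",
}


def align_component_labels(local_labels):
    """Map local labels to the enterprise vocabulary; report the unmapped ones."""
    mapped, unmapped = {}, []
    for label in local_labels:
        if label in COMPONENT_CROSSWALK:
            mapped[label] = COMPONENT_CROSSWALK[label]
        else:
            unmapped.append(label)
    return mapped, unmapped


def dictionary_entry(asset_name, owner, location, purpose, tag: ZTTag) -> dict:
    """Build an enterprise data dictionary record carrying the ZT attributes.
    Refuses (raises ValueError) if the tag does not conform to the standard."""
    problems = validate_tag(tag)
    if problems:
        raise ValueError(f"{asset_name}: " + "; ".join(problems))
    return {
        "asset": asset_name, "owner": owner, "location": location,
        "purpose": purpose, "classification": tag.level,
        "data_types": sorted(tag.data_types), "tag_method": tag.method,
        "handling": HANDLING[tag.level], "reviewed_on": tag.reviewed_on,
    }


if __name__ == "__main__":
    hr_tag = ZTTag("Confidential", {"PII"}, "automated")
    print(dictionary_entry("hr_records.db", "HR", "fileshare01", "payroll", hr_tag))
    print(align_component_labels(["FOUO", "Sensitive", "Legacy-Red"]))
```

The point of `dictionary_entry` refusing a non-conforming tag is that the data dictionary only ever contains vocabulary terms the enterprise standard defines; a Component cannot enter a local label by accident. `align_component_labels` returns the unmapped labels explicitly so the migration plan can address each one rather than letting it default to a level.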
How Trellix Can Achieve the Desired Outcomes and End State:
Trellix, particularly its Data Loss Prevention (DLP) suite, plays a significant role in implementing the defined data tagging standards and contributing to the desired outcomes and end state, especially regarding the operational application of these standards.
- Implementing Data Tagging and Labeling Standards: Trellix DLP (Endpoint, Network, Discover) is a direct tool for applying the defined data tagging standards in practice.
  - Automated Tagging: It uses content inspection, data fingerprinting, and machine learning (as defined in Activity 6.3.1) to automatically identify and tag sensitive data according to the enterprise’s newly defined control vocabulary (e.g., labeling a document as “Confidential – PII” if it matches specific patterns defined in the standard). This directly supports “Components implement data tagging and labeling standards” for automated processes.
  - Manual Tagging: Trellix DLP also supports manual classification where users can apply pre-defined labels (from the enterprise standard) to files or emails, aligning with the identified “manual” tagging processes.
- Aligning with Enterprise Standards: Trellix DLP’s customizable classification policies can be configured to directly reflect the Enterprise’s “standard pattern for control vocabulary” (Outcome 1). This ensures consistency in how data is identified and tagged across the endpoints and networks Trellix monitors.
- Updating the Data Dictionary/Catalog: While not the central data dictionary itself, Trellix DLP Discover can scan file repositories and cloud storage, classify data according to the enterprise standard, and then feed this classification metadata into a Component’s data catalog or an enterprise CMDB. This contributes to “Component data catalog is updated with data types for each application and service based on data classification levels” (Outcome 3) and ultimately supports the development of the broader “DoD Enterprise data dictionary and structure” (End State).
- Ensuring Policy Enforcement and Risk Reduction: By accurately applying ZT labels (tags), Trellix DLP enables the enforcement of policies that align with Zero Trust. This helps in controlling access and preventing misuse of data based on its classification, thereby directly contributing to data protection and risk reduction.
For the Technical Buyer:
Activity 4.2.1 is the crucial step in establishing a common language for data across your entire enterprise. It’s about defining a clear, standardized data tagging and classification standard based on industry best practices. For technical buyers, success here means contributing to the precise definition of this “control vocabulary,” ensuring Component alignment, and preparing for both manual and automated tagging processes. Tools like Trellix DLP are instrumental in the implementation phase, actively applying these defined standards to your data through their automated and ML-powered classification capabilities, thereby updating your data catalogs. This activity is foundational for enabling accurate, data-driven Zero Trust policies, ensuring consistent protection and reducing risk across the DoD enterprise.
Pillar: Data
Capability: 4.2 DoD Enterprise Data Governance
Activity: 4.2.1 Define Data Tagging Standards
Phase: Target Level
Predecessor(s): None
Successor(s): 4.3.1 Implement Data Tagging & Classification Tools; 4.3.2 Manual Data Tagging Pt1; 4.3.4 Automated Data Tagging & Support Pt1; 6.3.1 Implement Data Tagging & Classification ML Tools