Labeling as a System-based Enforcement
The term security labeling refers to the association of security attributes with subjects and objects represented by internal data structures within organizational information systems, to enable information system-based enforcement of information security policies. (NIST SP 800-53 R4)
Marking as a Process-based Enforcement
The term security marking refers to the association of security attributes with objects in a human-readable form, to enable organizational process-based enforcement of information security policies. (NIST SP 800-53 R4)
Media Marking as a Practice of Security Marking
Media protection (MP) is a control that addresses the defense of system media, which can be described as both digital and non-digital. Examples of media protection controls include: media access, media marking, media storage, media transport, and media sanitization. (NIST SP 800-12 R1)
From Media Labeling to Media Marking
The term “Media Labeling” used in NIST SP 800-53A R1 is revised to “Media Marking” in NIST SP 800-53A R4 to align with the concept of human-readable form and system-based enforcement.