Labeling as a System-based Enforcement

The term security labeling refers to the association of security attributes with subjects and objects represented by internal data structures within organizational information systems, to enable information system-based enforcement of information security policies. (NIST SP 800-53 R4)

Marking as a Process-based Enforcement

The term security marking refers to the association of security attributes with objects in a human-readable form, to enable organizational process-based enforcement of information security policies. (NIST SP 800-53 R4)

Media Marking as a Practice of Security Marking

Media protection (MP) is a control that addresses the defense of system media, which can be described as both digital and non-digital. Examples of media protection controls include: media access, media marking, media storage, media transport, and media sanitization. (NIST SP 800-12 R1)

From Media Labeling to Media Marking

The term “Media Labeling” used in NIST SP 800-53A R1 is revised to “Media Marking” in NIST SP 800-53A R4 to align with the concept of human-readable form and process-based enforcement.

References

• ISO27001 Annex A 5.13 Labelling Of Information Beginner’s Guide
• Shipping Mark and Label