NATO STANAG 4774/4778
For over 20 years, Boldon James has been leading the way in military messaging and classification, and has been involved in NATO’s Data Centric Security (NATO DCS) initiative, which uses NATO STANAG 4774 and NATO STANAG 4778. Boldon James provides military messaging and data classification solutions, protecting sensitive data sent internally, cross-domain and across different member countries.
As NATO labelling and data protection approaches evolve to address new threats and opportunities, Boldon James continues to innovate to meet these demands, by closely aligning their solutions to support the emerging NATO standards and ensuring compatibility with Microsoft applications and platforms.
Leading the way in NATO Data Centric Security
Boldon James continues to be at the leading edge, with leading military messaging and data classification solutions applicable to the environments of the NATO organisation and NATO nations, not just today but well into the future.
Discover how Boldon James data classification solutions intend to align with NATO’s Data Centric Security initiative and NATO STANAG 4774 and 4778 standards.
STANAG 4774/4778 labels and binding – enabling application of a confidentiality label, meeting NATO's basic and enhanced labelling requirements
Metadata for use within NATO – full metadata assigned to all data objects
Dynamic policies – adapt to changing operational conditions and security environment
Guarding technology – protection of data objects with mediated release based on labels (data leakage prevention)
NATO Data Centric Security FAQ
What is STANAG 4774 and 4778?
STANAG 4774 and 4778 are ratified standards and part of the NATO labeling approach within the NATO DCS initiative.
STANAG 4774 defines the syntax for a Confidentiality Label, used for labelling numerous data objects (profiles exist for SOAP, REST, SMTP, XMPP, Office Open XML, OPC and sidecar files). STANAG 4778 defines how a Confidentiality Label is bound to the data and, using cryptographic techniques, ensures the integrity of the label and the data.
The Confidentiality Label includes the traditional classification and caveats seen in email labelling and, critically, now includes additional metadata: the creator of the label, the creation time and the expiry time are examples of the additional metadata criteria that are included with the label.
The use of this Confidentiality Label allows the data to have a clearly defined owner, facilitates the sharing of data and provides a level of data assurance knowing the source and integrity of the data can be quickly determined.
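A simplified illustration of the binding idea described above, added here and not taken from Boldon James or from the STANAG documents. The label field names, the JSON encoding and the use of HMAC-SHA256 with a shared demo key are assumptions standing in for the standards' own label syntax and cryptographic binding.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key (assumption); real systems would use managed keys.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _canonical(label: dict) -> bytes:
    # Stable byte encoding so the same label always yields the same MAC.
    return json.dumps(label, sort_keys=True, separators=(",", ":")).encode()


def _mac(label: dict, data_digest: str, key: bytes) -> str:
    msg = _canonical(label) + b"|" + data_digest.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def bind(label: dict, data: bytes, key: bytes = DEMO_KEY) -> dict:
    """Return a binding record tying this label to exactly this data."""
    digest = hashlib.sha256(data).hexdigest()
    return {"label": label, "data_sha256": digest, "mac": _mac(label, digest, key)}


def verify(binding: dict, data: bytes, now: datetime, key: bytes = DEMO_KEY) -> str:
    """Authenticate the binding record, then check the data and the expiry."""
    expected = _mac(binding["label"], binding["data_sha256"], key)
    if not hmac.compare_digest(expected, binding["mac"]):
        return "label-modified"   # label or recorded digest was altered
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, binding["data_sha256"]):
        return "data-modified"    # data no longer matches what was labelled
    if now >= datetime.fromisoformat(binding["label"]["expires"]):
        return "label-expired"    # label is intact but past its expiry time
    return "ok"


# Constructed sample label carrying the metadata the FAQ lists.
SAMPLE_LABEL = {
    "classification": "SECRET",
    "caveats": ["RELEASABLE TO EXAMPLE-NATION"],
    "creator": "analyst@example.org",
    "created": "2024-01-10T09:00:00+00:00",
    "expires": "2025-01-10T09:00:00+00:00",
}
SAMPLE_DATA = b"constructed report body"
```

A receiver that gets anything other than "ok" from `verify` should treat the object as unlabelled, which is what stops a silently downgraded classification from being honoured.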
Why is Data Centric Security needed?
Many commercial, defence and intelligence organisations adopt a network-centric approach: protect the perimeter, and your information inside will remain safe. Unfortunately, today this isn’t the case; the perimeter protecting your information is widening. With the boom of cloud services, an increasingly mobile workforce and the need to share information, protecting the perimeter becomes even more difficult when we’re unsure exactly where the perimeter is, and the more doors we open in our perimeter, the harder it becomes to protect.
We still need to protect the perimeter using our existing network-centric security tools, but also need to protect the information we store inside our network. A data-centric approach uses classification and encryption to protect the information wherever it moves, placing less importance on where your information resides.
Can I share data more easily with a Data Centric approach?
Yes. With the adoption of the NATO STANAG 4774 and 4778 standards we will reach a position where the data of all nations is protected using the same metadata standards, allowing for far easier sharing of protected data. Currently, each nation (or in some cases each system) adopts a local classification format, the data becomes over-classified to match the network classification, and guard products become more complicated because they have to support a multitude of formats and rules.
This results in unclassified data becoming secret, requiring a time-consuming review process and change of classification before the information can be shared, by which time the moment may have passed. In today's environment a multi-nation coalition force should easily be able to share data!
Is Data Centric Security for Email only?
Email has always been the starting point for data classification, and that is true for Data Centric Security. However, these new standards have profiles that apply to a range of data objects and formats, and new profiles are being written all the time. By data object we mean a file type (e.g. Word document, Notepad document etc.) and by format we mean XML, JSON etc., which can then be applied to an API: a database search performed from a web browser can then take into account your location and security clearance before results are returned.
Is Data Centric Security only for the Military, what about Commercial organisations?
No. Although NATO is driving these STANAG standards as part of DCS and the Federated Mission Networking (FMN) initiative, the concepts apply equally to both military and commercial organisations. Classification was first applied to email by Military / Intelligence organisations and this concept has now been adopted by commercial organisations to ensure data is protected and shared appropriately. With a wider adoption in the commercial market we will eventually find two or more organisations that need to understand each other's classification format (metadata), repeating the issues the Military have today.
There is nothing in these NATO standards that stops adoption by a commercial organisation. The automobile industry always says to look at the latest Mercedes S-Class for the new technology that will become mainstream tomorrow; commercial organisations should be looking at the military today for classification technology that will become mainstream tomorrow.
Apart from a common metadata format, what else do these standards provide?
A common metadata format is the base starting point. From this we can begin to expand and add more attributes to the metadata. This includes a classification review period, a succession label to be used after the review period has passed, and the identity of the person assigning the classification. The standards have been written in such a way that new attributes can easily be added without breaking previous versions. Cryptographic binding of the classification metadata to the data ensures integrity of the label and the data in more secure environments, and the future inclusion of post-release protection ensures the data can be released for a number of days, after which the data cannot be accessed.
With unrivalled customer service and best-of-breed data protection and governance solutions, we are helping many of the world’s most successful organisations take control of their business data.
Every day, our customers enjoy more effective, secure and streamlined operations, protecting their business critical information and reducing risk.
Over 35 years of experience with defence and intelligence applications providing mission critical secure messaging and data classification.
The original pioneers of data classification and secure messaging solutions. Supporting National MoD clients for decades.
Working with NATO, NATO Members and leading global defence System Integrators.
Trusted by customers for customer service excellence, technical support and technical innovation.