Using Schematron for Cross Domain Security Policy Enforcement

Abstract: This document provides recommendations for using Schematron schemas to enforce data constraints on the contents of Extensible Markup Language (XML) documents being transferred between security domains. Schematron is a rule-based schema language used for making assertions about patterns found in XML documents. The risk of transferring invalid or unauthorized XML data into or out of a sensitive security domain can be reduced by validating the XML data against a schema that fully describes and constrains the data. These more restrictive schemas are not necessarily the same as those that might be used to validate data being transferred within a single security domain. Schematron can be used as part of a Cross Domain Solution (CDS) to address security problems that may be difficult to solve using grammar-based XML Schema languages.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234056-17

Dissemination Control: N/A

Length: 49 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data