Abstract: This document provides guidance for creating Extensible Markup Language (XML) Schemas and Regular Language for XML Next Generation (RELAX NG) schemas that can be used to describe the format and contents of XML documents being transferred between security domains. The risk of transferring invalid or unauthorized XML data into or out of a sensitive security domain can be reduced by validating the XML data against a schema that fully describes and constrains the data. These more restrictive schemas are not necessarily the same as those that might be used to validate data being transferred within a security domain. As the popularity and usage of XML grows, so too will Cross Domain Solutions (CDS) that filter via schemas also grow; however, using poorly written schemas can undermine the security functionality of even the most well designed CDS.
Date Published: 11 May 2011
Last Reviewed: 11 December 2017
Dissemination Control: N/A
Length: 98 page(s)