Security Guidance for the use of XML Schema 1.0/1.1 and RELAX NG

Abstract: This document provides guidance for creating Extensible Markup Language (XML) Schemas and Regular Language for XML Next Generation (RELAX NG) schemas that can be used to describe the format and contents of XML documents being transferred between security domains. The risk of transferring invalid or unauthorized XML data into or out of a sensitive security domain can be reduced by validating the XML data against a schema that fully describes and constrains the data. These more restrictive schemas are not necessarily the same as those that might be used to validate data being transferred within a security domain. As the popularity and usage of XML grow, so too will Cross Domain Solutions (CDS) that filter via schemas; however, using poorly written schemas can undermine the security functionality of even the most well-designed CDS.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234057-17

Length: 98 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data