Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Applying classification labels or tags to data so its sensitivity is visible and handling rules (access, storage, sharing) can be enforced consistently.
Marking Definition: Applying classification labels or tags to data so its sensitivity is visible and handling rules (access, storage, sharing) can be enforced consistently.
Marking is the practice of assigning labels or tags to data, documents, or resources to indicate their classification level, sensitivity, and required handling. It makes a resource's protection requirements explicit, so people and systems can apply the correct access, storage, transmission, and disposal rules according to organizational policy and regulation.
Marking works by attaching a classification indicator to information, which can be visual (a header or banner such as CONFIDENTIAL on a document), metadata embedded in a file, or a tag applied by a data-classification or rights-management system. Marks typically map to a defined classification scheme (for example, Public, Internal, Confidential, Restricted, or government levels like Unclassified through Top Secret) and may include caveats or handling instructions. Automated tools can apply and enforce these tags as data is created, moved, or shared.
This matters for security because controls cannot be applied consistently to data whose sensitivity is unknown. Marking is the link between classification (deciding how sensitive data is) and enforcement (deciding how it must be protected). Data loss prevention systems, access controls, and encryption policies frequently key off these labels, so accurate marking determines whether confidential data is blocked from leaving the organization or, if mislabeled, leaks freely. It also supports accountability and audit by making mishandling identifiable.
For example, an organization using Microsoft Purview sensitivity labels marks a financial report as Confidential when it is created. That label travels with the file as metadata, automatically encrypting it and restricting it to the finance group. When an employee tries to email the document to a personal address, the data loss prevention system reads the Confidential mark and blocks the transfer, logging the attempt. Without the marking, the same file would look like ordinary content, and the protective controls would have nothing to act on.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →