This page contains a number of SPIFs, representing security policies encoded in the xmlspif schema.
Each policy is available in its raw XML format, or with a stylesheet that generates a HTML summary of the policy, in an SMHS style, for easier reading. Google Chrome users will need to right-click and “view page source” after following the ‘raw’ link.
All of these SPIFs may be freely used and modified. Xmlspif.org encourages supporters to provide suggested updates to published SPIFs and to provide new SPIFs.
RFC 3114 Test Policies
These test policies are described in RFC3114 – Implementing Company Classification Policy with the S/MIME Security Label. These examples reflect simple policies and are a good introduction to the capabilities of the XML SPIF.
NATO Example ACME Policy
The NATO document “INFOSEC Technical and Implementation Guidance for Electronic Labelling of NATO Information – AC/322-D(2004)0021 (INV), 5 Mar 04″ includes an example security labelling policy (Appendix 1, Annex 1, para 17) to show how the various elements of a security label are used.
This provides a more sophisticated example and introduces the definition of security categories.
Examples Based on National Policies
These examples are derived from national security labelling policies and illustrate the capabilities of the XML SPIF to meet complex requirements. These examples are based on the national policies, but are not formal statements or definitions of national policy. They are examples only.