Conditional Policy - DRM Document Classification and Security Labeling
Version Control
| version | Author | Date | Change log |
|---|---|---|---|
| 1.0 | Song Hee-soo | 2026-03-06 | First Draft |
1. Overview
This document covers the proposal for the following two features in conditional policies.
- Target Document - DRM Document Classification: The function to retrieve grade information (C/S/O) managed by the Security365 portal under the existing "Designated DRM Document" selection and designate documents of that grade as policy targets.
- Execution Policy - Granting Security LabelsA feature that retrieves classification information managed by the Security365 portal and assigns security classifications/labels to documents that match the policy.
Part 1. Target Document - DRM Document Classification
1.1 Purpose
When setting the target document for conditional policies, the existing**"Designated DRM Document"under optionsAdd grade options**By linking the grade information registered and managed in the Security365 portal, only DRM documents assigned a specific grade (C/S/O) can be designated as policy targets.
1.2 Grade Information
Grade information isSecurity365 PortalIt is sourced from, and the representative grading systems are as follows.
| Grade | Description |
|---|---|
| C | Confidential |
| S | secret |
| O | public |
The list of grades is managed in the Security365 portal, and the grades registered in the portal are displayed as options.
1.3 Target Document Rating Assignment Flow
When registering/updating conditional policies**[Document Properties]**At the stage:
- DRM Document →**"Designated DRM Document"**Selection
- subordinate**"Document Level"**Additional options are displayed.
- Retrieved from the Security365 portalGrade ListDisplayed as a dropdown (C/S/O, etc.)
- desiredGrade Selection→ The DRM document assigned with the corresponding grade is included in the policy subject.
- Registered items are displayed as a list and can be deleted individually.
UI Example
대상 문서: 지정된 DRM 문서
└ 문서 등급:
- C [삭제]
- S [삭제]
1.4 Policy Application Scenarios
| scenario | Target Document Grade | Application Execution Policy | Description |
|---|---|---|---|
| Blocking the External Transfer of Confidential Documents | C | Maintain State | Blocking of confidential grade documents during external export events |
| Re-encryption of Secret Documents | S | DRM Encryption | Re-encryption with specific DRM policy for secret level documents |
| Automatic Decryption of Public Documents | O | Full Decryption | Public grade documents allow automatic decryption |
Part 2. Execution Policy - Granting Security Labels
2.1 Purpose
Enforcement policy of conditional policies**"Security Level Settings"**If you select it, it retrieves the grade information managed by the Security365 portal and assigns security grades and security labels to documents that match the policy.
2.2 Security Classification System
Security level/label isSecurity365 Portalis registered and managed.
| division | Description | example |
|---|---|---|
| Security Level (Level) | Upper Classification Criteria | Confidential, Secret, Public |
2.3 Security Label Assignment Flow
When registering/updating conditional policies**[Execution Policy]**At the stage:
- From the list of enforcement policies**"Security Level Settings"**Selection
- Retrieved from the Security365 portalSecurity Level ListThis is displayed
- applySecurity LevelSelection
- Save
UI Example
집행 정책: 보안 등급 설정
적용 등급: 기밀
2.4 Policy Application Scenarios
| scenario | Target Document | Grade/Label to be Assigned | Description |
|---|---|---|---|
| Automatic Grade Assignment During Encryption | General Document Encryption Event | Confidential / Confidential - Internal Use | Automatically Assign Security Level at the Time of Encryption |
| Assigning Document Ratings for Specific Departments | Specific User Group + Encryption | Secret / Secret-Financial Information | Automatic Assignment of Confidentiality Levels When Encrypting Finance Department Documents |