The Pentagon is preparing to release new guidance on data tagging and labeling, according to a senior official. The move aims to resolve a long-standing issue that has hindered the department’s ability to fully implement its zero trust cybersecurity strategy.
During the Billington CyberSecurity Summit on Sept. 10, Randy Resnick, director of the Zero Trust Portfolio Management Office (ZTPFMO), emphasized that while zero trust efforts have focused heavily on identity and device security, data tagging and labeling have been a long-missing but essential capability for enabling secure data access.
“Something that has been missing in the department that is really important for data access – remember, [zero trust] is all about data access – is data tagging and labels,” Resnick said.
To close this gap, the ZTPFMO has worked closely with the department’s Chief Digital and Artificial Intelligence Office (CDAO) to co-develop enterprise-wide data tagging and labeling guidance. The CDAO will lead the rollout of these standards, with ZTPFMO providing strategic input.
“Why? Because ZT needs data tagging labels to get that security we need,” Resnick said.
He explained that data tagging and labeling help systems identify data sensitivity, classification, and handling requirements, which are essential for implementing zero trust principles such as identity management.
While the intelligence community has mature standards and mechanisms to tag and label data, the Department of Defense (DOD) – which the Trump administration has rebranded as the Department of War – has lacked a unified approach.
“In the IC community, they do have a data tagging and labeling standard and a mechanism to tag and label data. But at DOD, we don’t. We’re all like marching to our own tune,” Resnick explained, adding that this fragmentation has made it difficult to enforce consistent access policies and fully implement zero trust principles across diverse DOD systems.
The upcoming guidance will provide a consistent framework for tagging and labeling data, enabling better data governance, more secure data sharing, and stronger enforcement of zero trust policies across the DOD.
Resnick did not provide any further details on what the guidance will include or a specific release date.