Example SPIFs

This page contains a number of SPIFs, representing security policies encoded in the xmlspif schema.

Each policy is available in its raw XML format, or with a stylesheet that generates a HTML summary of the policy, in an SMHS style, for easier reading. Google Chrome users will need to right-click and “view page source” after following the ‘raw’ link.

All of these SPIFs may be freely used and modified. Xmlspif.org encourages supporters to provide suggested updates to published SPIFs and to provide new SPIFs.

RFC 3114 Test Policies

These test policies are described in RFC3114 – Implementing Company Classification Policy with the S/MIME Security Label. These examples reflect simple policies and are a good introduction to the capabilities of the XML SPIF.

Policy Raw HTML
AMOCO raw html
Caterpillar raw html
Whirlpool raw html



NATO Example ACME Policy

The NATO document “INFOSEC Technical and Implementation Guidance for Electronic Labelling of NATO Information – AC/322-D(2004)0021 (INV), 5 Mar 04″ includes an example security labelling policy (Appendix 1, Annex 1, para 17) to show how the various elements of a security label are used.
This provides a more sophisticated example and introduces the definition of security categories.

Policy Raw HTML
ACME raw html



Examples Based on National Policies

These examples are derived from national security labelling policies and illustrate the capabilities of the XML SPIF to meet complex requirements. These examples are based on the national policies, but are not formal statements or definitions of national policy. They are examples only.

Policy Nation Raw HTML
NATO NATO raw html
GENSER United States raw html
JSP457 United Kingdom raw html
AGIMO Australia raw html