- Key: IEFRA2-88
- Status: open
- Source: Advanced Systems Management Group Ltd. (Mr. Michael Abramson)
- Summary:
11.3.3 No Mention of How Metadata is Protected
● The section states that "Although metadata (sensitivity markings) is critical to the approach" there doesn't seem to be any guidance on its protection.
● Should metadata be cryptographically bound to data? Should it be tamper-proof?
● A simple sentence stating that metadata integrity is a security concern and should be protected against unauthorized modification would strengthen the section.
Suggest: Add a sentence linking IEF-RA explicitly to its role as a Reference Architecture, such as:
"The reference architecture does not prescribe specific user file, object, or message formats, nor does it dictate whether these formats must include metadata elements. However, metadata—such as sensitivity markings—is critical for implementing policy-driven data security. How metadata is integrated and enforced is left to implementation-specific decisions beyond the scope of this architecture.
To support metadata-driven security, the architecture defines two key mechanisms:
● Secure Asset Container (SAC) – A structured format for encapsulating and securing information assets, ensuring metadata travels with the data. (See: XXXXX).
● Trusted Data Object – A data-centric security model that enforces metadata-driven policies directly at the data level. (See: Annex XXXX)
Metadata and binding profiles are defined in external specifications, including:
● ADatP-4774 (NATO Confidentiality Metadata Label Syntax) – Defines a standard metadata format for security labeling.
● ADatP-4778 (NATO Metadata Binding Mechanism) – Specifies how metadata is bound to data objects.
● IC-TDF (Intelligence Community Trusted Data Format) – Provides an XML-based approach for encoding trusted metadata.
As different metadata standards may not always be directly interoperable, implementations should consider policy-based metadata translation mechanisms to ensure compatibility across diverse environments. Additionally, metadata integrity is a security-critical factor—mechanisms such as cryptographic binding and tamper-resistant storage should be used to prevent unauthorized modification."
- Reported: IEF-RA 2.0a1 — Mon, 4 Aug 2025 17:33 GMT
- Updated: Mon, 4 Aug 2025 17:33 GMT
IEFRA2 — No Mention of How Metadata is Protected Sec 1.7.5
- Key: IEFRA2-88
- OMG Task Force: IEF Reference Architecture 2.0 FTF