Overview
A security analyst ingesting hundreds of documents per day cannot manually assign a NATO classification level to each one without introducing inconsistency, delay, or simple fatigue-driven error. Decisions that should take seconds based on content indicators — operational details, personnel identifiers, intelligence assessments — instead become a backlog. Automated classification inference solves this by applying a structured, audited first-pass classification to every item at ingestion time, surfacing only the uncertain cases for human review.
The Automated Content Classification Marking module applies NATO STANAG 4774 Edition 1 (2017) confidentiality metadata labels to ingested entities using LLM-based content analysis. Every item that enters the platform receives a classification inference with a confidence score. Items scoring 0.8 or above are auto-labelled; items below that threshold receive a safe RESTRICTED default and are queued for analyst review. All decisions — automated and human — are written to an immutable audit trail per STANAG 4774 §7. Analysts approve or override markings through the admin review queue, and every override is recorded with the reviewer identity and reasoning.
Diagram

```mermaid
graph LR
    A[Ingested Content] --> B[LLM Classification Inference]
    B --> C{confidence >= 0.8?}
    C -- Yes --> D[Auto-Apply STANAG 4774 Marking]
    C -- No --> E[Apply RESTRICTED Default]
    D --> F[ClassificationMarkingRecord]
    E --> G[Human Review Queue]
    G --> H[Human Decision]
    H --> I{Approved?}
    I -- Yes --> J[HUMAN_APPROVED]
    I -- No --> K[HUMAN_OVERRIDDEN with new level]
    J --> F
    K --> F
    F --> L[ClassificationAuditRecord]
```

Last Reviewed: 2026-04-14 Last Updated: 2026-04-14
Key Features
- STANAG 4774 Marking Engine: Each ingested entity receives a full STANAG 4774 confidentiality label including classification level, releasability markings, NATO caveats, policy reference, create date, and originator organisation. Labels are stored as JSONB and can be exported as STANAG 4774-compatible XML via the `to_stanag_xml_binding` method.
- LLM-Powered Inference: Classification inference uses a structured prompt sent to an AI language model API. The prompt presents classification criteria for each NATO level (UNCLASSIFIED through COSMIC TOP SECRET), and the model returns a structured JSON response containing classification level, confidence score, plain-language reasoning, and the specific content fragments that triggered the decision.
- Confidence-Gated Auto-Application: The confidence threshold of 0.8 separates automatic application from human review. This follows the principle described in STANAG 4774 §6.3 guidance — automated systems should only assert classification autonomously when certainty is high. Below threshold, RESTRICTED is applied as the safe default per the NATO security policy framework.
- Human Review Queue: The admin review interface presents all items awaiting human decision with entity identifier, suggested classification badge, confidence score, and auto-application timestamp. Analysts can approve the existing marking, override to a different level, or re-trigger inference. All decisions are audited.
- Immutable Audit Trail: Every classification event — AUTO_APPLIED, HUMAN_APPROVED, HUMAN_OVERRIDDEN, and ESCALATED — is written to `classification_audit_records` with actor identity, old and new classification levels, timestamp, and reasoning. This satisfies STANAG 4774 §7 (Label Audit Requirements) and the Argus EDF/PESCO audit mandate.
- STANAG 4778 Metadata Binding Metadata: The marking record includes STANAG 4778 binding metadata fields (inference model identifier, source connector, binding flag) enabling downstream systems to validate that the label was produced by an authorised process and has not been tampered with.
- Colour-Coded Classification Badge: The `ClassificationBadge` component renders classification levels with established colour conventions — green for UNCLASSIFIED, amber for RESTRICTED, orange for CONFIDENTIAL, red for SECRET, dark purple for COSMIC TOP SECRET — with full WCAG 2.2 AAA accessibility compliance and Lucide React icons.
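The confidence gate and review flow described above, as an added Python example (not the platform's own code). The JSON field names, the function names, the in-memory audit list and the use of ESCALATED for items sent to review are assumptions; unusable model output is handled as below-threshold.

```python
import json
from datetime import datetime, timezone

# Levels as named on this page. JSON field names, function names, the in-memory
# audit list and ESCALATED for items sent to review are assumptions of this example.
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET", "COSMIC TOP SECRET"]
THRESHOLD, SAFE_DEFAULT = 0.8, "RESTRICTED"

def audit(trail, event, actor, entity_id, old, new, reasoning):
    trail.append({"event": event, "actor": actor, "entity_id": entity_id,
                  "old_level": old, "new_level": new, "reasoning": reasoning,
                  "at": datetime.now(timezone.utc).isoformat()})

def parse_inference(raw):
    # Malformed or out-of-range model output is treated as confidence 0.0.
    try:
        data = json.loads(raw)
        level, conf = data["classification_level"], data["confidence"]
        if level not in LEVELS or type(conf) not in (int, float) or not 0 <= conf <= 1:
            raise ValueError("level or confidence out of range")
        return level, float(conf), str(data.get("reasoning", ""))
    except (ValueError, KeyError, TypeError) as exc:
        return None, 0.0, f"unusable model output: {exc}"

def apply_marking(entity_id, raw, trail):
    level, conf, why = parse_inference(raw)
    auto = level is not None and conf >= THRESHOLD
    applied = level if auto else SAFE_DEFAULT  # RESTRICTED below threshold
    event = "AUTO_APPLIED" if auto else "ESCALATED"
    audit(trail, event, "system", entity_id, None, applied, why)
    return {"entity_id": entity_id, "applied": applied, "suggested": level,
            "confidence": conf, "needs_review": not auto}

def review(marking, reviewer, trail, new_level=None, reasoning=""):
    # new_level=None approves the existing marking; another level overrides it.
    if new_level is not None and new_level not in LEVELS:
        raise ValueError(f"unknown level: {new_level}")
    old = marking["applied"]
    event = "HUMAN_APPROVED" if new_level in (None, old) else "HUMAN_OVERRIDDEN"
    marking.update(applied=new_level or old, needs_review=False)
    audit(trail, event, reviewer, marking["entity_id"], old, marking["applied"], reasoning)
    return marking

# Constructed model responses, not real output.
HIGH = '{"classification_level": "SECRET", "confidence": 0.93, "reasoning": "unit locations"}'
LOW = '{"classification_level": "CONFIDENTIAL", "confidence": 0.55, "reasoning": "ambiguous"}'
BAD = '{"classification_level": "TOP", "confidence": 7}'

if __name__ == "__main__":
    print([apply_marking(e, r, []) for e, r in (("e1", HIGH), ("e2", LOW), ("e3", BAD))])
```

The model's suggested level is kept next to the applied RESTRICTED default so the review queue can still display it.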
Use Cases
- Automatic Classification at Ingest: All content ingested through connector pipelines receives a STANAG 4774 classification marking without analyst intervention, reducing the classification backlog to only uncertain cases.
- Analyst Review Workflow: Security-cleared analysts work through the human review queue, approving or overriding LLM-suggested markings with a recorded decision and audit entry.
- Multi-National COI Data Sharing: Entities shared across Community of Interest (COI) channels carry STANAG 4774 markings that receiving organisations can validate against their own classification policies.
- Export Marking Compliance: When entities are exported to partner systems, the STANAG 4774 XML binding is attached to the payload to ensure the classification travels with the data.
- EDF/PESCO Audit Compliance: The audit trail satisfies the European Defence Fund requirement that all AI-assisted decisions on sensitive data are logged with actor, action, and provenance.
Integration
- Ingestion Pipeline: The classification hook is called from `IngestionCoordinatorService.process_next_job()` after a normalization job completes. Failures are caught and logged without breaking the ingestion result.
- Entity Domain: Classification markings reference entities in `entity_profiles` via `entity_id` and `organization_id`, with mandatory tenant scoping on all queries.
- GraphQL API: `inferEntityClassification`, `reviewClassification` mutations and `classificationReviewQueue`, `entityClassification` queries expose the full classification workflow to frontend and partner integrations.
- STANAG 4774 Labels Module: Delegates XML serialisation to `app/integrations/nato/stanag_4774_labels.py`, which already implements `build_4774_xml_label` and STANAG 4778 binding hash computation.
- Audit Trail: Classification decisions are persisted in `classification_audit_records`, separate from the general evidence audit trail, to support targeted compliance reporting.
Open Standards
- NATO STANAG 4774 Ed.1 (2017) — Confidentiality Metadata Binding Marking. Open NATO standard available to all NATO member nations and partner organisations. No proprietary licensing required.
- NATO STANAG 4778 Ed.1 (2018) — Metadata Binding. Defines cryptographic binding between security labels and message payloads. Used for binding metadata fields in classification records.