SIGIL – Classification Metadata for .NET
SIGIL, delivered through AIC.Classifier, is a .NET package designed to apply UK security classification metadata to applications, datasets, emails, documents and structured workflows. It supports OFFICIAL, SECRET and TOP SECRET markings, associated caveats, enforcement hooks and audit-ready handling for secure software systems.
Category
Commercial
Client
Open Source / Internal
Services
.NET Package Development, Classification Metadata, Secure Data Handling, Audit Logging, Policy Enforcement, Developer Tooling, Secure Software Architecture, Data Governance
Location
UK / GitHub
Year
2025
TRL
5
Overview
Project SIGIL delivers a developer-friendly .NET library for programmatically applying, validating, and enforcing UK Government classification metadata within datasets, documents, and communications.
Available as the AIC.Classifier NuGet package, SIGIL enables applications to append, verify, and act on OFFICIAL, SECRET, and TOP SECRET labels, including caveats and handling instructions, ensuring that information flows remain compliant with UK Government Security Classifications (GSC) and MOD JSP 440/604 standards.
The package provides both runtime enforcement and metadata binding, allowing developers to implement classification-aware workflows, access controls, and audit mechanisms directly inside their systems — from document pipelines to email gateways and data repositories.
Core Capabilities
Metadata Annotation API – Append classification levels and caveats (
UK.OFFICIAL,UK.SECRET,UK.TOP_SECRET, etc.) to structured or unstructured data.Automatic Enforcement Hooks – Integrate with file I/O, email services, and APIs to prevent data mishandling or unauthorised transmission.
Serialization Support – Embed classification metadata in JSON, XML, and document properties (e.g. DOCX, MSG, PDF).
Validation & Compliance Layer – Verify markings, inheritance rules, and caveat validity at runtime.
Attribute Model for .NET – Apply
[Classification("OFFICIAL")]attributes at class, property, or assembly level.Audit & Policy Triggers – Generate structured logs and enforce escalation paths for over- or under-classified data.
Plug-in Enforcement Engine – Extend classification rules via custom policy adapters (e.g. MOD, Home Office, Police).
Integration with AEGIS-ID – Link identity context and clearance level to classification handling logic.
Technical Architecture
Component | Function | Technologies |
|---|---|---|
Classifier Core | Metadata schema, validation logic | .NET 9, C#, JSON Schema |
Enforcement Engine | Real-time compliance checks | Middleware / Interceptors |
Policy Adapters | Extend enforcement rules per organisation | DI-based plug-ins |
Persistence Layer | Secure metadata storage | Azure Table / MongoDB |
Audit Log | Classification event traceability | Serilog / App Insights |
Integration Hooks | Outlook, SharePoint, File I/O | Office Interop, REST APIs |
Example Usage
[Classification("UK.OFFICIAL", Caveats = "SENSITIVE")] public class CaseFile { public string Title { get; set; } public string Content { get; set; } }
var classifier = new ClassificationService(); classifier.Enforce(filePath, ClassificationLevel.Secret);
Key Advantages
Compliance-by-Design: Native enforcement of UK GSC policy within .NET systems.
Developer Simplicity: Intuitive APIs and attributes for quick adoption.
Interoperability: Compatible with email, SharePoint, Teams, and data stores.
Automation-Ready: Easily extended into Azure Functions or pipelines for bulk enforcement.
Defence-Grade Integrity: Built with zero-trust validation and full auditability.
Use Cases
Government & Defence Systems: Automate classification labelling and access control.
Enterprise Document Management: Ensure regulated handling of sensitive corporate data.
Legal & Investigative Services: Embed confidentiality levels directly into records and evidence.
Email Gateways & Messaging: Enforce outbound classification checks.
Data Pipelines: Guarantee correct metadata tagging through every stage of processing.
Strategic Value
Project SIGIL closes the gap between security policy and application logic, bringing information assurance principles directly into the software layer.
By enforcing classification integrity at the point of data creation, SIGIL prevents inadvertent leaks, supports accreditation, and ensures that all information is handled according to its authorised level.
It is the trusted mark of compliance — a digital seal ensuring that every byte of data carries its rightful protection.
Overview
Project SIGIL delivers a developer-friendly .NET library for programmatically applying, validating, and enforcing UK Government classification metadata within datasets, documents, and communications.
Available as the AIC.Classifier NuGet package, SIGIL enables applications to append, verify, and act on OFFICIAL, SECRET, and TOP SECRET labels, including caveats and handling instructions, ensuring that information flows remain compliant with UK Government Security Classifications (GSC) and MOD JSP 440/604 standards.
The package provides both runtime enforcement and metadata binding, allowing developers to implement classification-aware workflows, access controls, and audit mechanisms directly inside their systems — from document pipelines to email gateways and data repositories.
Core Capabilities
Metadata Annotation API – Append classification levels and caveats (
UK.OFFICIAL,UK.SECRET,UK.TOP_SECRET, etc.) to structured or unstructured data.Automatic Enforcement Hooks – Integrate with file I/O, email services, and APIs to prevent data mishandling or unauthorised transmission.
Serialization Support – Embed classification metadata in JSON, XML, and document properties (e.g. DOCX, MSG, PDF).
Validation & Compliance Layer – Verify markings, inheritance rules, and caveat validity at runtime.
Attribute Model for .NET – Apply
[Classification("OFFICIAL")]attributes at class, property, or assembly level.Audit & Policy Triggers – Generate structured logs and enforce escalation paths for over- or under-classified data.
Plug-in Enforcement Engine – Extend classification rules via custom policy adapters (e.g. MOD, Home Office, Police).
Integration with AEGIS-ID – Link identity context and clearance level to classification handling logic.
Technical Architecture
Component | Function | Technologies |
|---|---|---|
Classifier Core | Metadata schema, validation logic | .NET 9, C#, JSON Schema |
Enforcement Engine | Real-time compliance checks | Middleware / Interceptors |
Policy Adapters | Extend enforcement rules per organisation | DI-based plug-ins |
Persistence Layer | Secure metadata storage | Azure Table / MongoDB |
Audit Log | Classification event traceability | Serilog / App Insights |
Integration Hooks | Outlook, SharePoint, File I/O | Office Interop, REST APIs |
Example Usage
[Classification("UK.OFFICIAL", Caveats = "SENSITIVE")] public class CaseFile { public string Title { get; set; } public string Content { get; set; } }
var classifier = new ClassificationService(); classifier.Enforce(filePath, ClassificationLevel.Secret);
Key Advantages
Compliance-by-Design: Native enforcement of UK GSC policy within .NET systems.
Developer Simplicity: Intuitive APIs and attributes for quick adoption.
Interoperability: Compatible with email, SharePoint, Teams, and data stores.
Automation-Ready: Easily extended into Azure Functions or pipelines for bulk enforcement.
Defence-Grade Integrity: Built with zero-trust validation and full auditability.
Use Cases
Government & Defence Systems: Automate classification labelling and access control.
Enterprise Document Management: Ensure regulated handling of sensitive corporate data.
Legal & Investigative Services: Embed confidentiality levels directly into records and evidence.
Email Gateways & Messaging: Enforce outbound classification checks.
Data Pipelines: Guarantee correct metadata tagging through every stage of processing.
Strategic Value
Project SIGIL closes the gap between security policy and application logic, bringing information assurance principles directly into the software layer.
By enforcing classification integrity at the point of data creation, SIGIL prevents inadvertent leaks, supports accreditation, and ensures that all information is handled according to its authorised level.
It is the trusted mark of compliance — a digital seal ensuring that every byte of data carries its rightful protection.
Overview
Project SIGIL delivers a developer-friendly .NET library for programmatically applying, validating, and enforcing UK Government classification metadata within datasets, documents, and communications.
Available as the AIC.Classifier NuGet package, SIGIL enables applications to append, verify, and act on OFFICIAL, SECRET, and TOP SECRET labels, including caveats and handling instructions, ensuring that information flows remain compliant with UK Government Security Classifications (GSC) and MOD JSP 440/604 standards.
The package provides both runtime enforcement and metadata binding, allowing developers to implement classification-aware workflows, access controls, and audit mechanisms directly inside their systems — from document pipelines to email gateways and data repositories.
Core Capabilities
Metadata Annotation API – Append classification levels and caveats (
UK.OFFICIAL,UK.SECRET,UK.TOP_SECRET, etc.) to structured or unstructured data.Automatic Enforcement Hooks – Integrate with file I/O, email services, and APIs to prevent data mishandling or unauthorised transmission.
Serialization Support – Embed classification metadata in JSON, XML, and document properties (e.g. DOCX, MSG, PDF).
Validation & Compliance Layer – Verify markings, inheritance rules, and caveat validity at runtime.
Attribute Model for .NET – Apply
[Classification("OFFICIAL")]attributes at class, property, or assembly level.Audit & Policy Triggers – Generate structured logs and enforce escalation paths for over- or under-classified data.
Plug-in Enforcement Engine – Extend classification rules via custom policy adapters (e.g. MOD, Home Office, Police).
Integration with AEGIS-ID – Link identity context and clearance level to classification handling logic.
Technical Architecture
Component | Function | Technologies |
|---|---|---|
Classifier Core | Metadata schema, validation logic | .NET 9, C#, JSON Schema |
Enforcement Engine | Real-time compliance checks | Middleware / Interceptors |
Policy Adapters | Extend enforcement rules per organisation | DI-based plug-ins |
Persistence Layer | Secure metadata storage | Azure Table / MongoDB |
Audit Log | Classification event traceability | Serilog / App Insights |
Integration Hooks | Outlook, SharePoint, File I/O | Office Interop, REST APIs |
Example Usage
[Classification("UK.OFFICIAL", Caveats = "SENSITIVE")] public class CaseFile { public string Title { get; set; } public string Content { get; set; } }
var classifier = new ClassificationService(); classifier.Enforce(filePath, ClassificationLevel.Secret);
Key Advantages
Compliance-by-Design: Native enforcement of UK GSC policy within .NET systems.
Developer Simplicity: Intuitive APIs and attributes for quick adoption.
Interoperability: Compatible with email, SharePoint, Teams, and data stores.
Automation-Ready: Easily extended into Azure Functions or pipelines for bulk enforcement.
Defence-Grade Integrity: Built with zero-trust validation and full auditability.
Use Cases
Government & Defence Systems: Automate classification labelling and access control.
Enterprise Document Management: Ensure regulated handling of sensitive corporate data.
Legal & Investigative Services: Embed confidentiality levels directly into records and evidence.
Email Gateways & Messaging: Enforce outbound classification checks.
Data Pipelines: Guarantee correct metadata tagging through every stage of processing.
Strategic Value
Project SIGIL closes the gap between security policy and application logic, bringing information assurance principles directly into the software layer.
By enforcing classification integrity at the point of data creation, SIGIL prevents inadvertent leaks, supports accreditation, and ensures that all information is handled according to its authorised level.
It is the trusted mark of compliance — a digital seal ensuring that every byte of data carries its rightful protection.