Therefore, the SRG requires that all data leaving a device must possess a security attribute bound to the data it is transmitting. Applying this control assures that security attributes may be explicitly or implicitly associated with the information contained within the information system to support correct handling of the data according to its classification.