The application must have the capability to mark sensitive/classified output when required.

Failure to properly mark output could result in a disclosure of sensitive or classified data which is an immediate loss in confidentiality.