
AC-4(1) Information Flow Enforcement

Technical

Control Description

INFORMATION FLOW ENFORCEMENT | OBJECT SECURITY ATTRIBUTES

The information system uses organization-defined security attributes associated with organization-defined information, source, and destination objects to enforce organization-defined information flow control policies as a basis for flow control decisions.

Supplemental Guidance

Information flow enforcement mechanisms compare security attributes associated with information (data content and data structure) and source/destination objects, and respond appropriately (e.g., block, quarantine, alert administrator) when the mechanisms encounter information flows not explicitly allowed by information flow policies. For example, an information object labeled Secret would be allowed to flow to a destination object labeled Secret, but an information object labeled Top Secret would not be allowed to flow to a destination object labeled Secret. Security attributes can also include, for example, source and destination addresses employed in traffic filter firewalls.

Flow enforcement using explicit security attributes can be used, for example, to control the release of certain types of information. Related control: AC-16.
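The attribute comparison described above can be sketched as follows. This is an added example, not part of the control catalogue: the label ordering, the `Endpoint` and `AllowRule` types, the sample addresses, and the mapping of each failure to a block or quarantine response are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed label ordering; the page itself names only Secret and Top Secret.
LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}

@dataclass(frozen=True)
class Endpoint:          # a source or destination object with its attributes
    label: str
    address: str

@dataclass(frozen=True)
class AllowRule:         # one explicitly allowed flow in the policy
    src_net: str
    dst_net: str
    max_label: str       # highest information label the path may carry

def decide(info_label, src, dst, policy):
    """Return (action, reason); anything not explicitly allowed is denied."""
    # Missing or unrecognised attributes cannot be compared: hold the object.
    for label in (info_label, src.label, dst.label):
        if label not in LEVELS:
            return "quarantine", f"unrecognised label {label!r}"
    # Attribute comparison: no flow to a lower-labelled destination.
    if LEVELS[info_label] > LEVELS[dst.label]:
        return "block", f"{info_label} information to {dst.label} destination"
    # Address attributes, as used by traffic-filter firewalls.
    for rule in policy:
        if (ip_address(src.address) in ip_network(rule.src_net)
                and ip_address(dst.address) in ip_network(rule.dst_net)
                and LEVELS[info_label] <= LEVELS[rule.max_label]):
            return "allow", f"matched {rule.src_net} -> {rule.dst_net}"
    return "block", "no policy rule explicitly allows this flow"

# Constructed sample policy and objects (private and documentation addresses).
POLICY = [AllowRule("10.1.0.0/16", "10.2.0.0/16", "Secret")]
SECRET_SRC = Endpoint("Secret", "10.1.0.5")
SECRET_DST = Endpoint("Secret", "10.2.0.9")
OTHER_DST = Endpoint("Secret", "192.0.2.7")

if __name__ == "__main__":
    for info, dst in [("Secret", SECRET_DST), ("Top Secret", SECRET_DST),
                      ("Secret", OTHER_DST), (None, SECRET_DST)]:
        print(info, "->", dst.address, decide(info, SECRET_SRC, dst, POLICY))
```

Note that the label check and the address check are independent: a Secret-to-Secret flow is still blocked when no rule covers the address pair, which is the "not explicitly allowed" case.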

Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability, typically found in cross-domain solutions (CDS), guards, or XML firewalls, that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case-by-case basis.
