AC-4(14)—Information Flow Enforcement

Secret (P1)

Technical

>Control Description

INFORMATION FLOW ENFORCEMENT | SECURITY POLICY FILTER CONSTRAINTS The information system, when transferring information between different security domains, implements ⚙organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content.

>Supplemental Guidance

Data structure and content restrictions reduce the range of potential malicious and/or unsanctioned content in cross-domain transactions. Security policy filters that restrict data structures include, for example, restricting file sizes and field lengths. Data content policy filters include, for example: (i) encoding formats for character sets (e.g., Universal Character Set Transformation Formats, American Standard Code for Information Interchange); (ii) restricting character data fields to only contain alpha-numeric characters; (iii) prohibiting special characters; and (iv) validating schema structures.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis.

Ask AI

Configure your API key to use AI features.