AC-4(15): Detection Of Unsanctioned Information

Control Family:

Access Control

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system, when transferring information between different security domains, examines the information for the presence of [Assignment: organized-defined unsanctioned information] and prohibits the transfer of such information in accordance with the [Assignment: organization-defined security policy].

Supplemental Guidance

Detection of unsanctioned information includes, for example, checking all information to be transferred for malicious code and dirty words.