AC-4(22): Access Only

Control Family:

Access Control

Parent Control:

AC-4: Information Flow Enforcement

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.AM-3
PR.AC-5
PR.DS-5
PR.PT-4
DE.AE-1

Threats Addressed:

Information Disclosure

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-4(22): Access Only

Control Statement

The information system provides access from a single device to computing platforms, applications, or data residing on multiple different security domains, while preventing any information flow between the different security domains.

Supplemental Guidance

The information system, for example, provides a desktop for users to access each connected security domain without providing any mechanisms to allow transfer of information between the different security domains.