AC-4(3): Dynamic Information Flow Control

Control Family:

Access Control


(Not part of any baseline)

Next Version:

Control Statement

The information system enforces dynamic information flow control based on [Assignment: organization-defined policies].

Supplemental Guidance

Organizational policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changing conditions or mission/operational considerations. Changing conditions include, for example, changes in organizational risk tolerance due to changes in the immediacy of mission/business needs, changes in the threat environment, and detection of potentially harmful or adverse events.