AC-4(5): Embedded Data Types

Control Family:

Access Control

Parent Control:

AC-4: Information Flow Enforcement

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Information Disclosure

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-4(5): Embedded Data Types

Control Statement

The information system enforces [Assignment: organization-defined limitations] on embedding data types within other data types.

Supplemental Guidance

Embedding data types within other data types may result in reduced flow control effectiveness. Data type embedding includes, for example, inserting executable files as objects within word processing files, inserting references or descriptive information into a media file, and compressed or archived data types that may include multiple embedded data types. Limitations on data type embedding consider the levels of embedding and prohibit levels of data type embedding that are beyond the capability of the inspection tools.