AC-4(5): Embedded Data Types

Control Family:

Access Control

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system enforces [Assignment: organization-defined limitations] on embedding data types within other data types.

Supplemental Guidance

Embedding data types within other data types may result in reduced flow control effectiveness. Data type embedding includes, for example, inserting executable files as objects within word processing files, inserting references or descriptive information into a media file, and compressed or archived data types that may include multiple embedded data types. Limitations on data type embedding consider the levels of embedding and prohibit levels of data type embedding that are beyond the capability of the inspection tools.