SC-3(2): Access / Flow Control Functions

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system isolates security functions enforcing access and information flow control from nonsecurity functions and from other security functions.

Supplemental Guidance

Security function isolation occurs as a result of implementation; the functions can still be scanned and monitored. Security functions that are potentially isolated from access and flow control enforcement functions include, for example, auditing, intrusion detection, and anti-virus functions.