AC-4: Information Flow Enforcement

Use [Assignment: organization-defined security and privacy attributes] associated with [Assignment: organization-defined information, source, and destination objects] to enforce [Assignment: organization-defined information flow control policies] as a basis for flow control decisions.

Use protected processing domains to enforce [Assignment: organization-defined information flow control policies] as a basis for flow control decisions.

Enforce [Assignment: organization-defined information flow control policies].

Prevent encrypted information from bypassing [Assignment: organization-defined information flow control mechanisms] by [Assignment (one or more): decrypting the information, blocking the flow of the encrypted information, terminating communications sessions attempting to pass encrypted information, [Assignment: organization-defined procedure or method] ].

Enforce [Assignment: organization-defined limitations] on embedding data types within other data types.

Enforce information flow control based on [Assignment: organization-defined metadata].

Enforce one-way information flows through hardware-based flow control mechanisms.

Enforce information flow control using [Assignment: organization-defined security or privacy policy filters] as a basis for flow control decisions for [Assignment: organization-defined information flows]; and [Assignment (one or more): Block, Strip, Modify, Quarantine] data after a filter processing failure in accordance with [Assignment: organization-defined security or privacy policy].

Enforce the use of human reviews for [Assignment: organization-defined information flows] under the following conditions: [Assignment: organization-defined conditions].

Provide the capability for privileged administrators to enable and disable [Assignment: organization-defined security or privacy policy filters] under the following conditions: [Assignment: organization-defined conditions].

Provide the capability for privileged administrators to configure [Assignment: organization-defined security or privacy policy filters] to support different security or privacy policies.

When transferring information between different security domains, use [Assignment: organization-defined data type identifiers] to validate data essential for information flow decisions.

When transferring information between different security domains, decompose information into [Assignment: organization-defined policy-relevant subcomponents] for submission to policy enforcement mechanisms.

When transferring information between different security domains, implement [Assignment: organization-defined security or privacy policy filters] requiring fully enumerated formats that restrict data structure and content.

When transferring information between different security domains, examine the information for the presence of [Assignment: organization-defined unsanctioned information] and prohibit the transfer of such information in accordance with the [Assignment: organization-defined security or privacy policy].

Uniquely identify and authenticate source and destination points by [Assignment (one or more): organization, system, application, service, individual] for information transfer.

When transferring information between different security domains, implement [Assignment: organization-defined security or privacy policy filters] on metadata.

Employ [Assignment: organization-defined solutions in approved configurations] to control the flow of [Assignment: organization-defined information] across security domains.

Separate information flows logically or physically using [Assignment: organization-defined mechanisms and/or techniques] to accomplish [Assignment: organization-defined required separations by types of information].

Provide access from a single device to computing platforms, applications, or data residing in multiple different security domains, while preventing information flow between the different security domains.

When transferring information between different security domains, modify non-releasable information by implementing [Assignment: organization-defined modification action].

When transferring information between different security domains, parse incoming data into an internal normalized format and regenerate the data to be consistent with its intended specification.

When transferring information between different security domains, sanitize data to minimize [Assignment (one or more): delivery of malicious content, command and control of malicious code, malicious code augmentation, and steganography encoded data, spillage of sensitive information] in accordance with [Assignment: organization-defined policy]].

When transferring information between different security domains, record and audit content filtering actions and results for the information being filtered.

When transferring information between different security domains, implement content filtering solutions that provide redundant and independent filtering mechanisms for each data type.

When transferring information between different security domains, implement a linear content filter pipeline that is enforced with discretionary and mandatory access controls.

When transferring information between different security domains, employ content filter orchestration engines to ensure that: Content filtering mechanisms successfully complete execution without errors; and Content filtering actions occur in the correct order and comply with [Assignment: organization-defined policy].

When transferring information between different security domains, implement content filtering mechanisms using multiple processes.

When transferring information between different security domains, prevent the transfer of failed content to the receiving domain.

When transferring information between different security domains, the process that transfers information between filter pipelines: Does not filter message content; Validates filtering metadata; Ensures the content associated with the filtering metadata has successfully completed filtering; and Transfers the content to the destination filter pipeline.