AC-4(2): Processing Domains

Control Family:

Access Control

CSF v1.1 References:


(Not part of any baseline)

Previous Version:

Control Statement

Use protected processing domains to enforce [Assignment: organization-defined information flow control policies] as a basis for flow control decisions.

Supplemental Guidance

Protected processing domains within systems are processing spaces that have controlled interactions with other processing spaces, enabling control of information flows between these spaces and to/from information objects. A protected processing domain can be provided, for example, by implementing domain and type enforcement. In domain and type enforcement, system processes are assigned to domains, information is identified by types, and information flows are controlled based on allowed information accesses (i.e., determined by domain and type), allowed signaling among domains, and allowed process transitions to other domains.