AC-4(23): Modify Non-releasable Information

Control Family:

Access Control

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

When transferring information between different security domains, modify non-releasable information by implementing [Assignment: organization-defined modification action].

Supplemental Guidance

Modifying non-releasable information can help prevent a data spill or attack when information is transferred across security domains. Modification actions include masking, permutation, alteration, removal, or redaction.