AC-4(27): Redundant/independent Filtering Mechanisms
(Not part of any baseline)
Control is new to this version of the control set.
When transferring information between different security domains, implement content filtering solutions that provide redundant and independent filtering mechanisms for each data type.
Content filtering is the process of inspecting information as it traverses a cross-domain solution and determines if the information meets a predefined policy. Redundant and independent content filtering eliminates a single point of failure filtering system. Independence is defined as the implementation of a content filter that uses a different code base and supporting libraries (e.g., two JPEG filters using different vendors' JPEG libraries) and multiple, independent system processes.