AC-4(28): Linear Filter Pipelines

Control Family:

Access Control

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

When transferring information between different security domains, implement a linear content filter pipeline that is enforced with discretionary and mandatory access controls.

Supplemental Guidance

Content filtering is the process of inspecting information as it traverses a cross-domain solution and determines if the information meets a predefined policy. The use of linear content filter pipelines ensures that filter processes are non-bypassable and always invoked. In general, the use of parallel filtering architectures for content filtering of a single data type introduces bypass and non-invocation issues.