AC-4(28): Linear Filter Pipelines
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Control is new to this version of the control set.
Control Statement
When transferring information between different security domains, implement a linear content filter pipeline that is enforced with discretionary and mandatory access controls.
Supplemental Guidance
Content filtering is the process of inspecting information as it traverses a cross-domain solution and determines if the information meets a predefined policy. The use of linear content filter pipelines ensures that filter processes are non-bypassable and always invoked. In general, the use of parallel filtering architectures for content filtering of a single data type introduces bypass and non-invocation issues.