AC-4(3): Dynamic Information Flow Control

Control Family:

Access Control

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Previous Version:

Control Statement

Enforce [Assignment: organization-defined information flow control policies].

Supplemental Guidance

Organizational policies regarding dynamic information flow control include allowing or disallowing information flows based on changing conditions or mission or operational considerations. Changing conditions include changes in risk tolerance due to changes in the immediacy of mission or business needs, changes in the threat environment, and detection of potentially harmful or adverse events.