AC-4(3): Dynamic Information Flow Control

Control Family:

Access Control

Parent Control:

AC-4: Information Flow Enforcement

CSF v1.1 References:

ID.AM-3
PR.AC-5
PR.DS-5
DE.AE-1

Threats Addressed:

Spoofing
Information Disclosure

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-4(3): Dynamic Information Flow Control

Control Statement

Enforce [Assignment: organization-defined information flow control policies].

Supplemental Guidance

Organizational policies regarding dynamic information flow control include allowing or disallowing information flows based on changing conditions or mission or operational considerations. Changing conditions include changes in risk tolerance due to changes in the immediacy of mission or business needs, changes in the threat environment, and detection of potentially harmful or adverse events.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5