AC-4(32): Process Requirements for Information Transfer

Control Family:

Access Control

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

When transferring information between different security domains, the process that transfers information between filter pipelines:

  1. Does not filter message content;
  2. Validates filtering metadata;
  3. Ensures the content associated with the filtering metadata has successfully completed filtering; and
  4. Transfers the content to the destination filter pipeline.

Supplemental Guidance

The processes transferring information between filter pipelines have minimum complexity and functionality to provide assurance that the processes operate correctly.