AC-4(32): Process Requirements for Information Transfer

Control Family:

Access Control

Parent Control:

AC-4: Information Flow Enforcement

CSF v1.1 References:

ID.AM-3
PR.AC-5
PR.DS-5
DE.AE-1

Threats Addressed:

Information Disclosure

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

When transferring information between different security domains, the process that transfers information between filter pipelines:

Does not filter message content;
Validates filtering metadata;
Ensures the content associated with the filtering metadata has successfully completed filtering; and
Transfers the content to the destination filter pipeline.

Supplemental Guidance

The processes transferring information between filter pipelines have minimum complexity and functionality to provide assurance that the processes operate correctly.