AC-4(4): Flow Control of Encrypted Information

Control Family:

Access Control

Parent Control:

AC-4: Information Flow Enforcement

CSF v1.1 References:

ID.AM-3
PR.AC-5
PR.DS-5
DE.AE-1

Threats Addressed:

Spoofing
Information Disclosure

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-4(4): Content Check Encrypted Information

Control Statement

Prevent encrypted information from bypassing [Assignment: organization-defined information flow control mechanisms] by [Assignment (one or more): decrypting the information, blocking the flow of the encrypted information, terminating communications sessions attempting to pass encrypted information, [Assignment: organization-defined procedure or method] ].

Supplemental Guidance

Flow control mechanisms include content checking, security policy filters, and data type identifiers. The term encryption is extended to cover encoded data not recognized by filtering mechanisms.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5