AC-4(4): Flow Control of Encrypted Information

Control Family:

Access Control

CSF v1.1 References:


  • High

Previous Version:

Control Statement

Prevent encrypted information from bypassing [Assignment: organization-defined information flow control mechanisms] by [Assignment (one or more): decrypting the information, blocking the flow of the encrypted information, terminating communications sessions attempting to pass encrypted information, [Assignment: organization-defined procedure or method] ].

Supplemental Guidance

Flow control mechanisms include content checking, security policy filters, and data type identifiers. The term encryption is extended to cover encoded data not recognized by filtering mechanisms.