CCI-001374

When transferring information between different security domains, prohibit the transfer of such information in accordance with the organization-defined security or privacy policy.

Implementation Guidance

Determine if: - when transferring information between different security domains, information is examined for the presence of [AC-04(15)_ODP[01]; unsanctioned information to be detected is defined]. - when transferring information between different security domains, transfer of [AC-04(15)_ODP[01]; unsanctioned information to be detected is defined] is prohibited in accordance with the [AC-04(15)_ODP[02]; security policy that requires the transfer of unsanctioned information between different security domains to be prohibited is defined (if selected)]. - when transferring information between different security domains, transfer of [AC-04(15)_ODP[01]; unsanctioned information to be detected is defined] is prohibited in accordance with the [AC-04(15)_ODP[03]; privacy policy that requires the transfer of organization-defined unsanctioned information between different security domains to be prohibited is defined (if selected)].

Validation Procedures

Examine: [SELECT FROM: Access control policy; information flow control policies; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; list of unsanctioned information types and associated information; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security responsibilities; organizational personnel with privacy responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement policy].

The controls below (if any) were marked by NIST as being related to CCI-001374.