Navigate

CCI-000219

CCI-000219 Definition

When transferring information between different security domains, decompose information into organization-defined policy-relevant subcomponents for submission to policy enforcement mechanisms.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if when transferring information between different security domains, information is decomposed into [AC-04(13)_ODP; policy-relevant subcomponents into which to decompose information for submission to policy enforcement mechanisms are defined] for submission to policy enforcement mechanisms.

Validation Procedures

Examine: [SELECT FROM: Access control policy; information flow control policies; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement policy].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000219.

Control	Description
AC-4(13)	When transferring information between different security domains, decompose information into [policy-relevant subcomponents into which to decompose information for submission to policy enforcement mechanisms are defined;] for submission to policy enforcement mechanisms.