CCI-002211

When transferring information between different security domains, implement organization-defined security or privacy filters on metadata.

Implementation Guidance

Determine if: - when transferring information between different security domains, [AC-04(19)_ODP[01]; security policy filters to be implemented on metadata are defined (if selected)] are implemented on metadata. - when transferring information between different security domains, [AC-04(19)_ODP[02]; privacy policy filters to be implemented on metadata are defined (if selected)] are implemented on metadata.

Validation Procedures

Examine: [SELECT FROM: Information flow enforcement policy; information flow control policies; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; list of security policy filtering criteria applied to metadata and data payloads; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information flow enforcement responsibilities; system/network administrators; organizational personnel with information security responsibilities; organizational personnel with privacy responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement functions; security and policy filters].

The controls below (if any) were marked by NIST as being related to CCI-002211.