Navigate

CCI-000028

CCI-000028 Definition

Prevent encrypted information from bypassing organization-defined flow control mechanisms by employing organization-defined procedures or methods.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if encrypted information is prevented from bypassing [AC-04(04)_ODP[01]; information flow control mechanisms that encrypted information is prevented from bypassing are defined] by [AC-04(04)_ODP[02]; one or more of the following PARAMETER VALUES is/are selected: {decrypting the information; blocking the flow of the encrypted information; terminating communications sessions attempting to pass encrypted information; [AC-04(04)_ODP[03]; the organization-defined procedure or method used to prevent encrypted information from bypassing information flow control mechanisms is defined (if selected)]].

Validation Procedures

Examine: [SELECT FROM: Access control policy; information flow control policies; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement policy].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000028.

Control	Description
AC-4(4)	Prevent encrypted information from bypassing [information flow control mechanisms that encrypted information is prevented from bypassing are defined;] by [one or more of "decrypting the information"/"blocking the flow of the encrypted information"/"terminating communications sessions attempting to pass encrypted information"/"{{ insert: param, ac-04.04_odp.03 }} "].