Navigate

CCI-003683

CCI-003683 Definition

When transferring information between different security domains, the process that transfers information between filter pipelines transfers the content to the destination filter pipeline.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if when transferring information between different security domains, the process that transfers information between filter pipelines transfers the content to the destination filter pipeline.

Validation Procedures

Examine: [SELECT FROM: Information flow enforcement policy; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information flow enforcement responsibilities; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement functions; mechanisms implementing content filtering].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003683.

Control	Description
AC-4(32)	When transferring information between different security domains, the process that transfers information between filter pipelines: (a): Does not filter message content; (b): Validates filtering metadata; (c): Ensures the content associated with the filtering metadata has successfully completed filtering; and (d): Transfers the content to the destination filter pipeline.