The information system dynamically associates security attributes with [organization-defined subjects and objects] in accordance with [organization-defined security policies] as information is created and combined.
Supplemental
Dynamic association of security attributes is appropriate whenever the security characteristics of information changes over time. Security attributes may change, for example, due to information aggregation issues (i.e., the security characteristics of individual information elements are different from the combined elements), changes in individual access authorizations (i.e., privileges), and changes in the security category of information.