AC-4 (14)
AC-4 (14): Security Policy Filter Constraints
The information system, when transferring information between different security domains, implements [Assignment: organization-defined security policy filters] requiring fully enumerated formats that restrict data structure and content.
Supplemental
Data structure and content restrictions reduce the range of potential malicious and/or unsanctioned content in cross-domain transactions. Security policy filters that restrict data structures include, for example, restricting file sizes and field lengths. Data content policy filters include, for example: (i) encoding formats for character sets (e.g., Universal Character Set Transformation Formats, American Standard Code for Information Interchange); (ii) restricting character data fields to only contain alpha-numeric characters; (iii) prohibiting special characters; and (iv) validating schema structures.
| CIA Levels | |
|---|---|
| Confidentiality | unknown |
| Integrity | unknown |
| Availability | unknown |
| Overlays |
|---|
| Cross Domain (Multilevel), Cross Domain (Transfer) |