Navigate

AC-4 (15)

AC-4 (15): Detection Of Unsanctioned Information

The information system, when transferring information between different security domains, examines the information for the presence of [Assignment: organized-defined unsanctioned information] and prohibits the transfer of such information in accordance with the [Assignment: organization-defined security policy].

Supplemental

Detection of unsanctioned information includes, for example, checking all information to be transferred for malicious code and dirty words.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Multilevel), Cross Domain (Transfer), Privacy (High), Privacy (Mod), Privacy (PHI)

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4 (15).

Control	Description
SI-3	The organization: SI-3a.: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; SI-3b.: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; SI-3c.: Configures malicious code protection mechanisms to: SI-3c.1.: Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and SI-3c.2.: [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and SI-3d.: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Control

Description

SI-3

The organization:

SI-3a.: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

SI-3b.: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;

SI-3c.: Configures malicious code protection mechanisms to:
- SI-3c.1.: Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- SI-3c.2.: [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and

SI-3d.: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Enhancements

The controls below (if any) add on to the requirements of AC-4 (15).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4 (15).

CCI	Definition
CCI-001373	The information system, when transferring information between different security domains, examines the information for the presence of organization-defined unsanctioned information.
CCI-001374	The information system, when transferring information between different security domains, prohibits the transfer of organization-defined unsanctioned information in accordance with the organization-defined security policy.
CCI-002203	The organization defines the unsanctioned information the information system is to examine when transferring information between different security domains.
CCI-002204	The organization defines a security policy which prohibits the transfer of unsanctioned information between different security domains.