Navigate

AC-4 (18)

AC-4 (18): Security Attribute Binding

The information system binds security attributes to information using [Assignment: organization-defined binding techniques] to facilitate information flow policy enforcement.

Supplemental

Binding techniques implemented by information systems affect the strength of security attribute binding to information. Binding strength and the assurance associated with binding techniques play an important part in the trust organizations have in the information flow enforcement process. The binding techniques affect the number and degree of additional reviews required by organizations.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Multilevel), Cross Domain (Transfer), Privacy (High), Privacy (Mod), Privacy (PHI)

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4 (18).

Control	Description
AC-16	The organization: AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; AC-16b.: Ensures that the security attribute associations are made and retained with the information; AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.
SC-16	The information system associates [Assignment: organization-defined security attributes] with information exchanged between information systems and between system components.

Control

Description

AC-16

The organization:

AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission;

AC-16b.: Ensures that the security attribute associations are made and retained with the information;

AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and

AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

SC-16

The information system associates [Assignment: organization-defined security attributes] with information exchanged between information systems and between system components.

Enhancements

The controls below (if any) add on to the requirements of AC-4 (18).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4 (18).

CCI	Definition
CCI-002209	The organization defines the techniques to be used to bind security attributes to information.
CCI-002210	The information system binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement.