Navigate

AC-4 (19)

AC-4 (19): Validation Of Metadata

The information system, when transferring information between different security domains, applies the same security policy filtering to metadata as it applies to data payloads.

Supplemental

This control enhancement requires the validation of metadata and the data to which the metadata applies. Some organizations distinguish between metadata and data payloads (i.e., only the data to which the metadata is bound). Other organizations do not make such distinctions, considering metadata and the data to which the metadata applies as part of the payload. All information (including metadata and the data to which the metadata applies) is subject to filtering and inspection.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Multilevel), Cross Domain (Transfer)

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4 (19).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of AC-4 (19).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4 (19).

CCI	Definition
CCI-002211	The information system, when transferring information between different security domains, applies the same security policy filtering to metadata as it applies to data payloads.