Navigate

AC-4 (2)

AC-4 (2): Processing Domains

The information system uses protected processing domains to enforce [Assignment: organization-defined information flow control policies] as a basis for flow control decisions.

Supplemental

Within information systems, protected processing domains are processing spaces that have controlled interactions with other processing spaces, thus enabling control of information flows between these spaces and to/from data/information objects. A protected processing domain can be provided, for example, by implementing domain and type enforcement. In domain and type enforcement, information system processes are assigned to domains; information is identified by types; and information flows are controlled based on allowed information accesses (determined by domain and type), allowed signaling among domains, and allowed process transitions to other domains.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Multilevel), Cross Domain (Transfer)

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4 (2).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of AC-4 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4 (2).

CCI	Definition
CCI-000026	The information system uses protected processing domains to enforce organization-defined information flow control policies as a basis for flow control decisions.
CCI-002191	The organization defines the information flow control policies to be enforced by the information system using protected processing domains.