Navigate

AC-4(15)

AC-4(15): Detection of Unsanctioned Information

When transferring information between different security domains, examine the information for the presence of [unsanctioned information to be detected is defined;] and prohibit the transfer of such information in accordance with the [one of ].

Supplemental

Unsanctioned information includes malicious code, information that is inappropriate for release from the source network, or executable code that could disrupt or harm the services or systems on the destination network.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
CDS - Multilevel, CDS - Transfer

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4(15).

Control	Description
SI-3	a: Implement [one or more of "signature-based"/"non-signature-based"] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; b: Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures; c: Configure malicious code protection mechanisms to: 1: Perform periodic scans of the system [the frequency at which malicious code protection mechanisms perform scans is defined;] and real-time scans of files from external sources at [one or more of "endpoint"/"network entry and exit points"] as the files are downloaded, opened, or executed in accordance with organizational policy; and 2: [one or more of "block malicious code"/"quarantine malicious code"/"take {{ insert: param, si-03_odp.05 }} "] ; and send alert to [personnel or roles to be alerted when malicious code is detected is/are defined;] in response to malicious code detection; and d: Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

Control

Description

SI-3

a: Implement [one or more of "signature-based"/"non-signature-based"] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code;

b: Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures;

c: Configure malicious code protection mechanisms to:
- 1: Perform periodic scans of the system [the frequency at which malicious code protection mechanisms perform scans is defined;] and real-time scans of files from external sources at [one or more of "endpoint"/"network entry and exit points"] as the files are downloaded, opened, or executed in accordance with organizational policy; and
- 2: [one or more of "block malicious code"/"quarantine malicious code"/"take {{ insert: param, si-03_odp.05 }} "] ; and send alert to [personnel or roles to be alerted when malicious code is detected is/are defined;] in response to malicious code detection; and

d: Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

Enhancements

The controls below (if any) add on to the requirements of AC-4(15).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4(15).

CCI	Definition
CCI-001373	When transferring information between different security domains, examine the information for the presence of organization-defined unsanctioned information.
CCI-001374	When transferring information between different security domains, prohibit the transfer of such information in accordance with the organization-defined security or privacy policy.
CCI-002203	Defines the unsanctioned information when transferring information between different security domains.
CCI-002204	Defines the security or privacy policy which prohibits the transfer of unsanctioned information between different security domains.