Navigate

AC-4(15)

AC-4(15): Detection of Unsanctioned Information

The information system, when transferring information between different security domains, examines the information for the presence of [organized-defined unsanctioned information] and prohibits the transfer of such information in accordance with the [organization-defined security policy].

Supplemental

Detection of unsanctioned information includes, for example, checking all information to be transferred for malicious code and dirty words.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4(15).

Control	Description
SI-3	The organization: a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; c: Configures malicious code protection mechanisms to: 1: Perform periodic scans of the information system [organization-defined frequency] and real-time scans of files from external sources at [one or more of endpoint/network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and 2: [one or more of block malicious code/quarantine malicious code/send alert to administrator/ {{ insert: param, si-3_prm_4 }} ] in response to malicious code detection; and d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Control

Description

SI-3

The organization:

a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;

c: Configures malicious code protection mechanisms to:
- 1: Perform periodic scans of the information system [organization-defined frequency] and real-time scans of files from external sources at [one or more of endpoint/network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- 2: [one or more of block malicious code/quarantine malicious code/send alert to administrator/ {{ insert: param, si-3_prm_4 }} ] in response to malicious code detection; and

d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Enhancements

The controls below (if any) add on to the requirements of AC-4(15).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4(15).

CCI	Definition
CCI-001373	When transferring information between different security domains, examine the information for the presence of organization-defined unsanctioned information.
CCI-001374	When transferring information between different security domains, prohibit the transfer of such information in accordance with the organization-defined security or privacy policy.
CCI-002203	Defines the unsanctioned information when transferring information between different security domains.
CCI-002204	Defines the security or privacy policy which prohibits the transfer of unsanctioned information between different security domains.