Navigate

AC-4(3)

AC-4(3): Dynamic Information Flow Control

Enforce [information flow control policies to be enforced are defined;].

Supplemental

Organizational policies regarding dynamic information flow control include allowing or disallowing information flows based on changing conditions or mission or operational considerations. Changing conditions include changes in risk tolerance due to changes in the immediacy of mission or business needs, changes in the threat environment, and detection of potentially harmful or adverse events.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
DAF Baseline, NC3

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4(3).

Control	Description
SI-4	a: Monitor the system to detect: 1: Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [monitoring objectives to detect attacks and indicators of potential attacks on the system are defined;] ; and 2: Unauthorized local, network, and remote connections; b: Identify unauthorized use of the system through the following techniques and methods: [techniques and methods used to identify unauthorized use of the system are defined;]; c: Invoke internal monitoring capabilities or deploy monitoring devices: 1: Strategically within the system to collect organization-determined essential information; and 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization; d: Analyze detected events and anomalies; e: Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; f: Obtain legal opinion regarding system monitoring activities; and g: Provide [system monitoring information to be provided to personnel or roles is defined;] to [personnel or roles to whom system monitoring information is to be provided is/are defined;] [one or more of "as needed"/"{{ insert: param, si-04_odp.06 }} "].

Control

Description

SI-4

a: Monitor the system to detect:
- 1: Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [monitoring objectives to detect attacks and indicators of potential attacks on the system are defined;] ; and
- 2: Unauthorized local, network, and remote connections;

b: Identify unauthorized use of the system through the following techniques and methods: [techniques and methods used to identify unauthorized use of the system are defined;];

c: Invoke internal monitoring capabilities or deploy monitoring devices:
- 1: Strategically within the system to collect organization-determined essential information; and
- 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization;

d: Analyze detected events and anomalies;

e: Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

f: Obtain legal opinion regarding system monitoring activities; and

g: Provide [system monitoring information to be provided to personnel or roles is defined;] to [personnel or roles to whom system monitoring information is to be provided is/are defined;] [one or more of "as needed"/"{{ insert: param, si-04_odp.06 }} "].

Enhancements

The controls below (if any) add on to the requirements of AC-4(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4(3).

CCI	Definition
CCI-000027	Enforce organization-defined information flow control policies.
CCI-002192	Defines the policies to enforce dynamic information flow control.