Navigate

AC-4(4)

AC-4(4): Content Check Encrypted Information

The information system prevents encrypted information from bypassing content-checking mechanisms by [one or more of decrypting the information/blocking the flow of the encrypted information/terminating communications sessions attempting to pass encrypted information/ {{ insert: param, ac-4.4_prm_2 }} ].

Supplemental

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4(4).

Control	Description
SI-4	The organization: a: Monitors the information system to detect: 1: Attacks and indicators of potential attacks in accordance with [organization-defined monitoring objectives]; and 2: Unauthorized local, network, and remote connections; b: Identifies unauthorized use of the information system through [organization-defined techniques and methods]; c: Deploys monitoring devices: 1: Strategically within the information system to collect organization-determined essential information; and 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization; d: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g: Provides [organization-defined information system monitoring information] to [organization-defined personnel or roles] [one or more of as needed/ {{ insert: param, si-4_prm_6 }} ].

Control

Description

SI-4

The organization:

a: Monitors the information system to detect:
- 1: Attacks and indicators of potential attacks in accordance with [organization-defined monitoring objectives]; and
- 2: Unauthorized local, network, and remote connections;

b: Identifies unauthorized use of the information system through [organization-defined techniques and methods];

c: Deploys monitoring devices:
- 1: Strategically within the information system to collect organization-determined essential information; and
- 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization;

d: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;

e: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information;

f: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and

g: Provides [organization-defined information system monitoring information] to [organization-defined personnel or roles] [one or more of as needed/ {{ insert: param, si-4_prm_6 }} ].

Enhancements

The controls below (if any) add on to the requirements of AC-4(4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4(4).

CCI	Definition
CCI-000028	Prevent encrypted information from bypassing organization-defined flow control mechanisms by employing organization-defined procedures or methods.
CCI-002193	Defines procedures or methods to be employed to prevent encrypted information from bypassing flow control mechanisms, such as decrypting the information, blocking the flow of the encrypted information, and/or terminating communications sessions attempting to pass encrypted information.