Navigate

SC-16

SC-16: Transmission Of Security Attributes

The information system associates [Assignment: organization-defined security attributes] with information exchanged between information systems and between system components.

Supplemental

Security attributes can be explicitly or implicitly associated with the information contained in organizational information systems or system components.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Multilevel), Cross Domain (Transfer), NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SC-16.

Control	Description
AC-3	The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
AC-4	The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].
AC-16	The organization: AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; AC-16b.: Ensures that the security attribute associations are made and retained with the information; AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

Enhancements

The controls below (if any) add on to the requirements of SC-16.

Control	Description
SC-16 (1)	The information system validates the integrity of transmitted security attributes.

Related CCIs

The CCIs below are tied to SC-16.

CCI	Definition
CCI-001157	The information system associates organization-defined security attributes with information exchanged between information systems.
CCI-002454	The organization defines the security attributes the information system is to associate with the information being exchanged between information systems and between information system components.
CCI-002455	The information system associates organization-defined security attributes with information exchanged between information system components.