AC-03(09) Controlled Release
Release information outside of the system only if:
(a) The receiving ac-03.09_odp.01 provides ac-03.09_odp.02 ; and
(b) ac-03.09_odp.03 are used to validate the appropriateness of the information designated for release.
|ac-03.09_odp.01||system or system component|
Controlled release of information requires systems to implement technical or procedural means to validate the information prior to releasing it to external systems. For example, if the system passes information to a system controlled by another organization, technical means are employed to validate that the security and privacy attributes associated with the exported information are appropriate for the receiving system. Alternatively, if the system passes information to a printer in organization-controlled space, procedural means can be employed to ensure that only authorized individuals gain access to the printer.
Related controls 5
- CA-03 Information Exchange L M H P
- PT-07 Specific Categories of Personally Identifiable Information L M H P
- PT-08 Computer Matching Requirements L M H P
- SA-09 External System Services L M H P
- SC-16 Transmission of Security and Privacy Attributes L M H P