AC-04(01) Object Security and Privacy Attributes
Use ac-4.1_prm_1 associated with ac-4.1_prm_2 to enforce ac-04.01_odp.09 as a basis for flow control decisions.
|ac-4.1_prm_1||organization-defined security and privacy attributes|
|ac-4.1_prm_2||organization-defined information, source, and destination objects|
|ac-04.01_odp.09||information flow control policies|
Information flow enforcement mechanisms compare security and privacy attributes associated with information (i.e., data content and structure) and source and destination objects and respond appropriately when the enforcement mechanisms encounter information flows not explicitly allowed by information flow policies. For example, an information object labeled Secret would be allowed to flow to a destination object labeled Secret, but an information object labeled Top Secret would not be allowed to flow to a destination object labeled Secret. A dataset of personally identifiable information may be tagged with restrictions against combining with other types of datasets and, thus, would not be allowed to flow to the restricted dataset. Security and privacy attributes can also include source and destination addresses employed in traffic filter firewalls. Flow enforcement using explicit security or privacy attributes can be used, for example, to control the release of certain types of information.