AC-04(01) Object Security and Privacy Attributes

Use ac-4.1_prm_1 associated with ac-4.1_prm_2 to enforce ac-04.01_odp.09 as a basis for flow control decisions.

Parameter ID Definition
ac-4.1_prm_1 organization-defined security and privacy attributes
ac-4.1_prm_2 organization-defined information, source, and destination objects
ac-04.01_odp.01 security attributes
ac-04.01_odp.02 privacy attributes
ac-04.01_odp.03 information objects
ac-04.01_odp.04 information objects
ac-04.01_odp.05 source objects
ac-04.01_odp.06 source objects
ac-04.01_odp.07 destination objects
ac-04.01_odp.08 destination objects
ac-04.01_odp.09 information flow control policies



Information flow enforcement mechanisms compare security and privacy attributes associated with information (i.e., data content and structure) and source and destination objects and respond appropriately when the enforcement mechanisms encounter information flows not explicitly allowed by information flow policies. For example, an information object labeled Secret would be allowed to flow to a destination object labeled Secret, but an information object labeled Top Secret would not be allowed to flow to a destination object labeled Secret. A dataset of personally identifiable information may be tagged with restrictions against combining with other types of datasets and, thus, would not be allowed to flow to the restricted dataset. Security and privacy attributes can also include source and destination addresses employed in traffic filter firewalls. Flow enforcement using explicit security or privacy attributes can be used, for example, to control the release of certain types of information.