AC-04(08) Security and Privacy Policy Filters
(a) Enforce information flow control using ac-4.8_prm_1 as a basis for flow control decisions for ac-4.8_prm_2 ; and
(b) ac-04.08_odp.05 data after a filter processing failure in accordance with ac-4.8_prm_4.
| Parameter ID | Definition |
|---|---|
| ac-4.8_prm_1 | organization-defined security or privacy policy filters |
| ac-4.8_prm_2 | organization-defined information flows |
| ac-4.8_prm_4 | organization-defined security or privacy policy |
| ac-04.08_odp.01 | security policy filter |
| ac-04.08_odp.02 | privacy policy filter |
| ac-04.08_odp.03 | information flows |
| ac-04.08_odp.04 | information flows |
| ac-04.08_odp.05 |
Selection (one-or-more):
|
| ac-04.08_odp.06 | security policy |
| ac-04.08_odp.07 | privacy policy |
Baselines
- L
- M
- H
- P
Guidance
Organization-defined security or privacy policy filters can address data structures and content. For example, security or privacy policy filters for data structures can check for maximum file lengths, maximum field sizes, and data/file types (for structured and unstructured data). Security or privacy policy filters for data content can check for specific words, enumerated values or data value ranges, and hidden content. Structured data permits the interpretation of data content by applications. Unstructured data refers to digital information without a data structure or with a data structure that does not facilitate the development of rule sets to address the impact or classification level of the information conveyed by the data or the flow enforcement decisions. Unstructured data consists of bitmap objects that are inherently non-language-based (i.e., image, video, or audio files) and textual objects that are based on written or printed languages. Organizations can implement more than one security or privacy policy filter to meet information flow control objectives.