SC-16 Transmission of Security and Privacy Attributes
Associate sc-16_prm_1 with information exchanged between systems and between system components.
| Parameter ID | Definition |
|---|---|
| sc-16_prm_1 | organization-defined security and privacy attributes |
| sc-16_odp.01 | security attributes |
| sc-16_odp.02 | privacy attributes |
Baselines
- L
- M
- H
- P
Guidance
Security and privacy attributes can be explicitly or implicitly associated with the information contained in organizational systems or system components. Attributes are abstractions that represent the basic properties or characteristics of an entity with respect to protecting information or the management of personally identifiable information. Attributes are typically associated with internal data structures, including records, buffers, and files within the system. Security and privacy attributes are used to implement access control and information flow control policies; reflect special dissemination, management, or distribution instructions, including permitted uses of personally identifiable information; or support other aspects of the information security and privacy policies. Privacy attributes may be used independently or in conjunction with security attributes.
References 1
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
Control Enhancements 3
- SC-16(01) Integrity Verification L M H P
- SC-16(02) Anti-spoofing Mechanisms L M H P
- SC-16(03) Cryptographic Binding L M H P
Related controls 3
- AC-03 Access Enforcement L M H P
- AC-04 Information Flow Enforcement L M H P
- AC-16 Security and Privacy Attributes L M H P