SC-46 Cross Domain Policy Enforcement
Implement a policy enforcement mechanism sc-46_odp between the physical and/or network interfaces for the connecting security domains.
| Parameter ID | Definition |
|---|---|
| sc-46_odp |
Selection (one):
|
Baselines
- L
- M
- H
- P
Guidance
For logical policy enforcement mechanisms, organizations avoid creating a logical path between interfaces to prevent the ability to bypass the policy enforcement mechanism. For physical policy enforcement mechanisms, the robustness of physical isolation afforded by the physical implementation of policy enforcement to preclude the presence of logical covert channels penetrating the security domain may be needed. Contact [ncdsmo@nsa.gov](mailto:ncdsmo@nsa.gov) for more information.
References 1
- SP 800-160-1 Ross RS, Oren JC, McEvilley M (2016) Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 1, Includes updates as of March 21, 2018.
Related controls 2
- AC-04 Information Flow Enforcement L M H P
- SC-07 Boundary Protection L M H P