Device Class 1: Information Flow Enforcement

Control ID: AC-4 Information Flow Enforcement
Family: Access Control
Source: NIST 800-53r4
Control: The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [application or information-specific information flow control policies].
Supplemental Guidance: N/A

Related Controls: N/A
Control Enhancements: N/A
References: N/A
Mechanisms:

  • The device shall support defining information flow control policies which identify constraints on the flow of information in and out of the device, including in particular IA and SC mechanisms that must be applied to information flows in order for them to be permissible. See Notes on Access Control for a discussion and examples of information flow control.
  • The ability to define an information flow control policy shall be restricted to privileged users.
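
A minimal sketch of the two mechanisms above, added here as an illustration and not taken from the specification or any device implementation: a default-deny flow policy whose rules name the IA and SC mechanisms a flow must apply, with rule definition restricted to a privileged role. The rule fields, the role names, the peer names and the mechanism labels are all assumptions made for the example.

```python
from dataclasses import dataclass, field

PRIVILEGED_ROLES = {"admin"}  # assumption: roles allowed to edit the policy

@dataclass(frozen=True)
class FlowRule:
    direction: str        # "in" or "out" relative to the device
    peer: str             # remote endpoint the rule applies to
    required: frozenset   # IA/SC mechanisms the flow must apply

@dataclass
class FlowPolicy:
    rules: list = field(default_factory=list)

    def define_rule(self, role, rule):
        # Policy writes are restricted to privileged users.
        if role not in PRIVILEGED_ROLES:
            raise PermissionError("flow policy is writable by privileged users only")
        if rule.direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        self.rules.append(rule)

    def permits(self, direction, peer, applied):
        # Default deny: a flow is permissible only if a rule matches it and
        # every mechanism that rule requires has been applied to the flow.
        applied = frozenset(applied)
        return any(r.direction == direction and r.peer == peer
                   and r.required <= applied for r in self.rules)

def demo():
    # Constructed sample policy and flows.
    policy = FlowPolicy()
    secure = frozenset({"mutual-auth", "encrypted-transport"})
    policy.define_rule("admin", FlowRule("out", "telemetry-server", secure))
    results = {
        "compliant": policy.permits("out", "telemetry-server", secure),
        "missing_encryption": policy.permits("out", "telemetry-server", {"mutual-auth"}),
        "unlisted_peer": policy.permits("out", "other-host", secure),
        "wrong_direction": policy.permits("in", "telemetry-server", secure),
    }
    try:
        policy.define_rule("operator", FlowRule("out", "other-host", frozenset()))
        results["unprivileged_write"] = True
    except PermissionError:
        results["unprivileged_write"] = False
    results["rule_count"] = len(policy.rules)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```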

Protocol Implementation Conformance Statements:
ID     | Statement                                                  | Status | Reference | Notes
AC-4/1 | Support defining information flow control policies         | M      |           |
AC-4/2 | Restrict write access to information flow control policies | M      |           |