← Back to catalog
AC-4(13)

Decomposition into Policy-relevant Subcomponents

Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

When transferring information between different security domains, decompose information into [assignment] for submission to policy enforcement mechanisms.

Discussion

Decomposing information into policy-relevant subcomponents prior to information transfer facilitates policy decisions on source, destination, certificates, classification, attachments, and other security- or privacy-related component differentiators. Policy enforcement mechanisms apply filtering, inspection, and/or sanitization rules to the policy-relevant subcomponents of information to facilitate flow enforcement prior to transferring such information to different security domains.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.