← Back to catalog
AC-4(13)
Decomposition into Policy-relevant Subcomponents
Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
When transferring information between different security domains, decompose information into [assignment] for submission to policy enforcement mechanisms.
Discussion
Decomposing information into policy-relevant subcomponents prior to information transfer facilitates policy decisions on source, destination, certificates, classification, attachments, and other security- or privacy-related component differentiators. Policy enforcement mechanisms apply filtering, inspection, and/or sanitization rules to the policy-relevant subcomponents of information to facilitate flow enforcement prior to transferring such information to different security domains.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.