When transferring information between different security domains, sanitize data to minimize [Selection (one or more): delivery of malicious content, command and control of malicious code, malicious code augmentation, and steganography encoded data; spillage of sensitive information] in accordance with [Assignment: organization-defined policy].
When transferring information between different security domains, record and audit content filtering actions and results for the information being filtered.
When transferring information between different security domains, implement content filtering solutions that provide redundant and independent filtering mechanisms for each data type.
When transferring information between different security domains, implement a linear content filter pipeline that is enforced with discretionary and mandatory access controls.
When transferring information between different security domains, employ content filter orchestration engines to ensure that: (a) Content filtering mechanisms successfully complete execution without errors; and (b) Content filtering actions occur in the correct order and comply with [Assignment: organization-defined policy].
When transferring information between different security domains, implement content filtering mechanisms using multiple processes.
When transferring information between different security domains, prevent the transfer of failed content to the receiving domain.
When transferring information between different security domains, the process that transfers information between filter pipelines: (a) Does not filter message content; (b) Validates filtering metadata; (c) Ensures the content associated with the filtering metadata has successfully completed filtering; and (d) Transfers the content to the destination filter pipeline.
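The orchestration, failed-content, and pipeline-transfer statements above can be read together as one fail-closed flow. The sketch below is an added example, not part of the control text: the filter names, their order, the stand-in filters, the HMAC-tagged metadata format, and the demo key are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Assumptions, not from the control text: filter names, order, HMAC-tagged metadata.
POLICY_ORDER = ["type_check", "malware_scan", "dirty_word_search"]
PIPELINE_KEY = b"constructed-demo-key"  # constructed; use protected key storage in practice
# Constructed stand-in filters; real ones would be independent processes.
FILTERS = {
    "type_check": lambda c: c.startswith(b"%PDF"),
    "malware_scan": lambda c: b"EICAR" not in c,
    "dirty_word_search": lambda c: b"SECRET" not in c,
}

def _tag(digest, results):
    msg = (digest + "|" + ",".join(f"{n}={s}" for n, s in results)).encode()
    return hmac.new(PIPELINE_KEY, msg, hashlib.sha256).hexdigest()

def orchestrate(content, filters=FILTERS):
    """Run filters in policy order; an exception counts as a failed filter."""
    results = []
    for name in POLICY_ORDER:
        try:
            ok = bool(filters[name](content))
        except Exception:
            ok = False
        results.append((name, "pass" if ok else "fail"))
        if not ok:
            break  # stop at the first failure; the failure is still recorded
    digest = hashlib.sha256(content).hexdigest()
    return {"sha256": digest, "results": results, "tag": _tag(digest, results)}

def transfer(content, meta, deliver):
    """Validate metadata only; content is hashed for binding, never filtered."""
    results = [tuple(r) for r in meta.get("results", [])]
    digest = meta.get("sha256", "")
    if not hmac.compare_digest(meta.get("tag", ""), _tag(digest, results)):
        return "blocked: metadata not authentic"
    if hashlib.sha256(content).hexdigest() != digest:
        return "blocked: content does not match metadata"
    if any(s != "pass" for _, s in results):
        return "blocked: content failed filtering"
    if [n for n, _ in results] != POLICY_ORDER:
        return "blocked: filters missing or out of order"
    deliver(content)
    return "transferred"
```

The metadata returned by `orchestrate` doubles as the audit record of filtering actions and results; `deliver` is a hypothetical callback standing in for the destination filter pipeline.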
a. Identify and document [Assignment: organization-defined duties of individuals requiring separation]; and b. Define system access authorizations to support separation of duties.
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.