When transferring information between different security domains, implement [Assignment: organization-defined security or privacy policy filters] on metadata.
When transferring information between different security domains, implement [Assignment: organization-defined security or privacy policy filters] on metadata.
Employ [Assignment: organization-defined solutions in approved configurations] to control the flow of [Assignment: organization-defined information] across security domains.
Separate information flows logically or physically using [Assignment: organization-defined mechanisms and/or techniques] to accomplish [Assignment: organization-defined required separations by types of information].
Provide access from a single device to computing platforms, applications, or data residing in multiple different security domains, while preventing information flow between the different security domains.
When transferring information between different security domains, modify non-releasable information by implementing [Assignment: organization-defined modification action].
When transferring information between different security domains, parse incoming data into an internal normalized format and regenerate the data to be consistent with its intended specification.
When transferring information between different security domains, sanitize data to minimize [Selection (one or more): delivery of malicious content, command and control of malicious code, malicious code augmentation, and steganography encoded data; spillage of sensitive information] in accordance with [Assignment: organization-defined policy]].
When transferring information between different security domains, record and audit content filtering actions and results for the information being filtered.
When transferring information between different security domains, implement content filtering solutions that provide redundant and independent filtering mechanisms for each data type.
When transferring information between different security domains, implement a linear content filter pipeline that is enforced with discretionary and mandatory access controls.