AC-4(15)

  • Requirement

    When transferring information between different security domains, examine the information for the presence of [Assignment: organization-defined unsanctioned information] and prohibit the transfer of such information in accordance with the [Assignment: organization-defined security or privacy policy].

  • Discussion

    Unsanctioned information includes malicious code, information that is inappropriate for release from the source network, or executable code that could disrupt or harm the services or systems on the destination network.

More Info

  • Title

    Information Flow Enforcement | Detection of Unsanctioned Information
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      SI-3

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!