AC-4(32)

Discussion

The processes transferring information between filter pipelines have minimum complexity and functionality to provide assurance that the processes operate correctly.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Information flow enforcement policy; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with information flow enforcement responsibilities; system/network administrators; organizational personnel with information security responsibilities].

Test

[SELECT FROM: Mechanisms implementing information flow enforcement functions; mechanisms implementing content filtering].

ID	Assessment Objectives
AC-04(32)(c)	when transferring information between different security domains, the process that transfers information between filter pipelines ensures that the content with the filtering metadata has successfully completed filtering;
AC-04(32)(d)	when transferring information between different security domains, the process that transfers information between filter pipelines transfers the content to the destination filter pipeline.
AC-04(32)(a)	when transferring information between different security domains, the process that transfers information between filter pipelines does not filter message content;
AC-04(32)(b)	when transferring information between different security domains, the process that transfers information between filter pipelines validates filtering metadata;

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!