AC-4(23) Information Flow Enforcement | Modify Non-releasable Information

Control

When transferring information between different security domains, modify non-releasable information by implementing [Assignment: organization-defined modification action].

Discussion

Modifying non-releasable information can help prevent a data spill or attack when information is transferred across security domains. Modification actions include masking, permutation, alteration, removal, or redaction.