Skip to main content

πŸ’Ό AC-4(15) Information Flow Enforcement | Detection of Unsanctioned Information

  • Contextual name: πŸ’Ό AC-4(15) Information Flow Enforcement | Detection of Unsanctioned Information
  • ID: /frameworks/nist-sp-800-53-r5/ac/04/15
  • Located in: πŸ’Ό AC-4 Information Flow Enforcement

Description​

When transferring information between different security domains, examine the information for the presence of [Assignment: organization-defined unsanctioned information] and prohibit the transfer of such information in accordance with the [Assignment: organization-defined security or privacy policy].

Similar​

  • Internal
    • ID: dec-c-b676d721

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (8)​

PolicyLogic CountFlags
πŸ“ AWS API Gateway API Route Authorization Type is not configured 🟒1🟒 x6
πŸ“ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication 🟒1🟒 x6
πŸ“ AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟒1🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ AWS S3 Bucket Policy is not set to deny HTTP requests 🟒1🟒 x6
πŸ“ Azure App Service Authentication is disabled and Basic Authentication is enabled 🟒1🟒 x6
πŸ“ Azure App Service Basic Authentication is enabled 🟒🟒 x3
πŸ“ Azure Subscription Network Watcher is not enabled in every available region 🟒1πŸ”΄ x1, 🟒 x5

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-5fa71eac1
βœ‰οΈ dec-x-629108da1
βœ‰οΈ dec-x-ca52f63a2
βœ‰οΈ dec-x-d5fbfc401
βœ‰οΈ dec-x-d9d39f211
βœ‰οΈ dec-x-ec547a7c1
βœ‰οΈ dec-x-f937c35f1