The IT Law Wiki

Information flow control

32,085pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

Information flow control

[is a] procedure to ensure that information transfers within a system are not made from a higher security level object to an object of a lower security level.[1]
regulates where CUI is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and without explicit regard to subsequent accesses to that information.[2]

Overview Edit

"Flow control restrictions include, for example, keeping export-controlled information from being transmitted in the clear to the Internet, blocking outside traffic that claims to be from within the organization, restricting web requests to the Internet that are not from the internal web proxy server, and limiting information transfers between organizations based on data structures and content."[3]

References Edit

  1. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
  2. NIST Special Publication SP 800-171, at 8 n.17.
  3. Id.

Also on Fandom

Random Wiki