AC-04-727 Information Flow Enforcement

Information Flow Enforcement

AC-04-727
Information Flow Enforcement
Access Control
Protect
Access Control
MOD, HIGH
P1
No
January 19, 2018

Agency-issued unique identifiers are administered from a centralized access control system (Microsoft Active Directory) to ensure that levels of authorization between interconnected systems are consistently applied for each authorized user.

Users gain access to information that is beyond their appropriate level of privilege.
The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].
The organization issues individual, separate user IDs between access control systems.
No statewide control
Obtain access control policy; procedures addressing information flow enforcement; information system design documentation; information system configuration settings and associated documentation; information system baseline configuration; list of information flow authorizations; information system audit records; other relevant documents or records and ascertain if the information system enforces assigned authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.