Control information flows between security domains on connected systems.
This practice is not concerned with classified security domains. It addresses information flow between domains that contain CUI and those that do not. While access control is concerned with controlling access to information by users and processes, information flow control is concerned with where information is allowed to move within a system and between systems. In general, information flow control can apply to any needed flow restriction. For this CMMC practice the flows of concern are primarily those between components and systems authorized for CUI and those that are not. Any attempt to move CUI into a domain that has not been designated as allowed to store or process CUI must be blocked.

Example 1

You are the IT administrator for your organization. You have designed the network in each of the regional offices to have two zones: one zone that can store and process CUI and a second zone where CUI is not permitted. A firewall separates the two zones in each office so that files and resources in one zone cannot be reached from the other, and a site-to-site VPN over the corporate WAN allows the CUI zones of the offices to communicate with one another. To ensure separation between CUI projects, staff are given file access permissions to project servers and file stores on a per-project basis. To facilitate the transfer of CUI files and data between members of the same project team working in different regional offices, you install a SharePoint server in the CUI zone of the headquarters office. Authorized staff have accounts and use their MFA token to log into the SharePoint server to view or modify project files stored there.
DRAFT NIST SP 800-171B (MODIFIED)

Organizations employ information flow control policies and enforcement mechanisms to control the flow of information between designated sources and destinations within systems and between connected systems. Flow control is based on the characteristics of the information and/or the information path. Enforcement occurs, for example, in boundary protection devices that employ rule sets or establish configuration settings that restrict system services; provide a packet-filtering capability based on header information; or provide a message-filtering capability based on message content. Transferring information between systems in different security domains with different security policies introduces the risk that the transfers violate one or more domain security policies. In such situations, information owners or stewards provide guidance at designated policy enforcement points between connected systems. Organizations mandate specific architectural solutions when required to enforce logical or physical separation between systems in different security domains. Enforcement includes prohibiting information transfers between connected systems; employing hardware mechanisms to enforce one-way information flows; and verifying write permissions before accepting information from another security domain or connected system.
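The two-zone design in Example 1 and the enforcement mechanisms named in the discussion above (rule sets in boundary devices, packet filtering on header information, message filtering on content) can be modelled as a small policy evaluator that can be run against a list of expected flows before a rule set is deployed. The following is an added example written for this page, not code from CMMC or NIST; the address ranges, zone names, SharePoint address, rule names and CUI marking strings are constructed assumptions.

```python
"""Zone-based information flow control: header rules plus a content check.

Added example, not from the CMMC page.  Address ranges, zone names,
rule names, the SharePoint address and the CUI marking strings are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed address plan: each office has a CUI zone and a general zone.
ZONES = {
    "hq-cui":           ipaddress.ip_network("10.10.0.0/24"),
    "hq-general":       ipaddress.ip_network("10.10.1.0/24"),
    "regional-cui":     ipaddress.ip_network("10.20.0.0/24"),
    "regional-general": ipaddress.ip_network("10.20.1.0/24"),
}
CUI_ZONES = frozenset({"hq-cui", "regional-cui"})
GENERAL_ZONES = frozenset({"hq-general", "regional-general"})
SHAREPOINT = "10.10.0.5"  # constructed address of the HQ SharePoint server
# Constructed marking strings a message filter would look for in content.
CUI_MARKINGS = (b"CUI//", b"CONTROLLED UNCLASSIFIED INFORMATION")


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the plan is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    name: str
    src_zones: frozenset
    dst_zones: frozenset
    action: str                         # "allow" or "deny"
    dports: frozenset = frozenset()     # empty = any destination port
    dst_hosts: frozenset = frozenset()  # empty = any host in dst_zones

    def matches(self, flow: Flow) -> bool:
        """Header-based match on source zone, destination zone, host and port."""
        if zone_of(flow.src) not in self.src_zones:
            return False
        if zone_of(flow.dst) not in self.dst_zones:
            return False
        if self.dports and flow.dport not in self.dports:
            return False
        if self.dst_hosts and flow.dst not in self.dst_hosts:
            return False
        return True


# Ordered rule set: first match wins, anything unmatched is denied.
RULES = [
    # CUI zones may reach the HQ SharePoint server over HTTPS (via the VPN).
    Rule("cui-to-sharepoint", CUI_ZONES, frozenset({"hq-cui"}), "allow",
         dports=frozenset({443}), dst_hosts=frozenset({SHAREPOINT})),
    # Explicit block of every CUI-zone to general-zone flow.
    Rule("block-cui-to-general", CUI_ZONES, GENERAL_ZONES, "deny"),
    # General zones may browse external web hosts.
    Rule("general-web-egress", GENERAL_ZONES, frozenset({"external"}), "allow",
         dports=frozenset({80, 443})),
]


def evaluate(flow: Flow) -> tuple:
    """Return (decision, reason) for a flow.

    Header filtering runs first.  If the headers allow the flow, a content
    check still denies any payload carrying a CUI marking whose destination
    lies outside the CUI zones.
    """
    for rule in RULES:
        if rule.matches(flow):
            decision, reason = rule.action, rule.name
            break
    else:
        decision, reason = "deny", "default-deny"

    if decision == "allow" and zone_of(flow.dst) not in CUI_ZONES:
        if any(marker in flow.payload for marker in CUI_MARKINGS):
            return "deny", "cui-marking-to-non-cui-domain"
    return decision, reason


if __name__ == "__main__":
    # Constructed sample flows a firewall between the zones would see.
    samples = [
        Flow("10.20.0.17", SHAREPOINT, 443),      # regional CUI -> HQ SharePoint
        Flow("10.20.0.17", "10.20.1.8", 445),     # CUI zone -> general-zone share
        Flow("10.20.1.8", SHAREPOINT, 443),       # general zone -> SharePoint
        Flow("10.10.0.9", "203.0.113.10", 443),   # CUI zone -> internet
        Flow("10.10.1.4", "203.0.113.10", 443, b"CUI//SP-PROPIN report"),
    ]
    for f in samples:
        print(f"{f.src:>12} -> {f.dst:<14}:{f.dport:<4} {evaluate(f)}")
```

The rule set is default-deny: the only cross-zone flow it names is CUI zone to the HQ SharePoint server over HTTPS, so a general-zone workstation reaching that same server, or a CUI-zone host reaching the internet, falls through to the default and is denied with that reason recorded. The content check is a second, independent enforcement point: a flow the headers allow is still stopped if its payload carries a CUI marking and the destination is outside the CUI zones. Traffic that stays inside one zone never crosses the firewall and is not something this evaluator decides. In a deployment the header rules would live in the zone firewall and the content check in a DLP or mail gateway; the value of the model is in asserting, for each expected flow, that the deployed rule set gives the intended answer.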
CIS Controls v7.1 12.1, 12.2, 13.1, 13.3, 14.1, 14.2, 14.5, 14.6, 14.7, 15.6, 15.10
NIST SP 800-53 Rev 4 AC-4, AC-4(1), AC-4(6), AC-4(8), AC-4(12), AC-4(13), AC-4(15), AC-4(20)
NIST CSF v1.1 ID.AM-3, PR.AC-5, PR.DS-5, PR.PT-4, DE.AE-1
CMMC modification of Draft NIST SP 800-171B 3.1.3e