When transferring information between different security domains, decompose information into organization-defined policy-relevant subcomponents for submission to policy enforcement mechanisms.