When transferring information between different security domains, implement organization-defined security or privacy policy filters requiring fully enumerated formats that restrict data structure and content.