When transferring information between different security domains, prohibit the transfer of such information in accordance with the organization-defined security or privacy policy.