Defines the information flows against which the organization-defined security or privacy policy filters are to be enforced.