STIGhub
STIGs
RMF Controls
Compare
← AC-4 (20) — Information Flow Enforcement
CCI-002213
Definition
Defines the information to be subjected to flow control across security domains.
Parent Control
AC-4 (20)
Information Flow Enforcement
Access Control
Linked STIG Checks (4)
V-259890
CAT I
The Enterprise Voice, Video, and Messaging Policy must define operations for VTC and endpoint cameras regarding the ability to pick up and transmit sensitive information.
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide
V-259891
CAT II
The Enterprise Voice, Video, and Messaging Policy must define operations for endpoint microphones regarding the ability to pick up and transmit sensitive information.
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide
V-259900
CAT II
An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks with different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections so only one CODEC is powered on or one CODEC is connected to any network at any given time.
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide
V-259902
CAT II
Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over nonsecure systems.
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide