AC-4: Information Flow Enforcement
From NIST's SP800-53:
Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [Assignment: organization-defined information flow control policies].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| ID.AM-3 | Organizational communication and data flows are mapped |
| PR.PT-4 | Communications and control networks are protected |
| PR.AC-5 | Network integrity is protected (e.g., network segregation, network segmentation) |
| PR.DS-5 | Protections against data leaks are implemented |
| DE.AE-1 | A baseline of network operations and expected data flows for users and systems is established and managed |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1090 | Proxy | Command and Control |
| T1132 | Data Encoding | Command and Control |
| T1029 | Scheduled Transfer | Exfiltration |
| T1573 | Encrypted Channel | Command and Control |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1563.002 | RDP Hijacking | Lateral Movement |
| T1136.002 | Domain Account | Persistence |
| T1567.001 | Exfiltration to Code Repository | Exfiltration |
| T1071.004 | DNS | Command and Control |
| T1204.003 | Malicious Image | Execution |
| T1095 | Non-Application Layer Protocol | Command and Control |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1102.002 | Bidirectional Communication | Command and Control |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1566 | Phishing | Initial Access |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1499.004 | Application or System Exploitation | Impact |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1205.002 | Socket Filters | Command and Control, Defense Evasion, Persistence |
| T1136.003 | Cloud Account | Persistence |
| T1001.003 | Protocol Impersonation | Command and Control |
| T1071.003 | Mail Protocols | Command and Control |
| T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
| T1609 | Container Administration Command | Execution |
| T1204.001 | Malicious Link | Execution |
| T1030 | Data Transfer Size Limits | Exfiltration |
| T1559.001 | Component Object Model | Execution |
| T1559.002 | Dynamic Data Exchange | Execution |
| T1003.005 | Cached Domain Credentials | Credential Access |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1104 | Multi-Stage Channels | Command and Control |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1499 | Endpoint Denial of Service | Impact |
| T1114.003 | Email Forwarding Rule | Collection |
| T1090.002 | External Proxy | Command and Control |
| T1498 | Network Denial of Service | Impact |
| T1003 | OS Credential Dumping | Credential Access |
| T1071.002 | File Transfer Protocols | Command and Control |
| T1552.005 | Cloud Instance Metadata API | Credential Access |
| T1132.002 | Non-Standard Encoding | Command and Control |
| T1189 | Drive-by Compromise | Initial Access |
| T1132.001 | Standard Encoding | Command and Control |
| T1114 | Email Collection | Collection |
| T1213.002 | Sharepoint | Collection |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1573.001 | Symmetric Cryptography | Command and Control |