IBM Cloud Docs
AC-4 (4) - Flow Control of Encrypted Information

AC-4 (4) - Flow Control of Encrypted Information

Control requirements

AC-4 (4) - 0

Prevent encrypted information from bypassing [Assignment: organization-defined information flow control mechanisms] by [Selection (one or more): decrypting the information; blocking the flow of the encrypted information; terminating communications sessions attempting to pass encrypted information; [Assignment: organization-defined procedure or method]].

Additional IBM Cloud for Financial Services specifications

This control is required for ISVs.

NIST supplemental guidance

Flow control mechanisms include content checking, security policy filters, and data type identifiers. The term encryption is extended to cover encoded data not recognized by filtering mechanisms.