AC-4 (4) - Flow Control of Encrypted Information
Control requirements
AC-4 (4) - 0
Prevent encrypted information from bypassing [Assignment: organization-defined information flow control mechanisms] by [Selection (one or more): decrypting the information; blocking the flow of the encrypted information; terminating communications sessions attempting to pass encrypted information; [Assignment: organization-defined procedure or method]].
Additional IBM Cloud for Financial Services specifications
This control is required for ISVs.
NIST supplemental guidance
Flow control mechanisms include content checking, security policy filters, and data type identifiers. The term encryption is extended to cover encoded data not recognized by filtering mechanisms.