base control objective:
supplemental objective information:
enhancements to the base objective:
(1) The information system dynamically reconfigures security attributes in accordance with an identified security policy as information is created and combined.
(2) The information system allows authorized entities to change security attributes.
(3) The information system maintains the binding of security attributes to information with sufficient assurance that the information--attribute association can be used as the basis for automated policy actions. Enhanced Supplemental Guidance: Examples of automated policy actions include automated access control decisions (e.g., Mandatory Access Control decisions), or decisions to release (or not release) information (e.g., information flows via cross domain systems).
(4) The information system allows authorized users to associate security attributes with information. Enhanced Supplemental Guidance: The support provided by the information system can vary from prompting users to select security attributes to be associated with specific information objects, to ensuring that the combination of attributes selected is valid.
(5) The information system displays security attributes in human-readable form on each object (page, screen, or equivalent) that the system outputs to external output devices to identify [Assignment: organization-identified set of special dissemination, handling, or distribution instructions] using [Assignment: organization-identified human readable, standard naming conventions].
mapping to FIPS199 baseline:
related (regimented) controls:
documents referenced in SP800-53rev3 for AC-16: