The flow of all network traffic must be controlled, so it does not introduce any unacceptable risk to the network infrastructure or data. Information flow control regulates where information is allowed to travel within a network and between interconnected networks. This control requires the organization implement hardware mechanisms, such as the network device, to enforce one-way traffic flows.
Compliance with this control requires the installation of application network device and deep packet inspection. Since these types of network devices are protocol- or application-specific, the organization must define which traffic type, application, sources, or interface this rule applies to (e.g., HTTP/HTTPS, SMTP, SSH, DNS, ICMP, or other). This control will not apply to every network device in the implementation. |