| This control addresses the binding of organizationally defined attribute association (marking). These attributes are bound to the files and data stored, processed, or transmitted by the components of the network device. The association of security attributes to data objects stored on the network device is referred to as binding.
These attributes are typically associated with internal data structures (e.g., records, buffers, files) within the network device and are used to enable the implementation of automated policy actions. Automated policy actions include access control and flow control policies; reflect special dissemination, handling or distribution instructions; or support other aspects of the information security policy. Types of attributes include classification level. An example of a value for this attribute type is Top Secret.
If the attribute to information binding does not have a high assurance, then information security policies based on these attributes may allow unauthorized subjects or entities to gain access to the information or network.
This requirement is applicable to specific devices and does not involve the management of a network device. |
