Description
The information system appropriately labels information in storage, in process, and in transmission.\n
Supplemental Guidance
Automated labeling refers to labels employed on internal data structures (e.g., records, files) within the information system. Information labeling is accomplished in accordance with: (i) access control requirements; (ii) special dissemination, handling, or distribution instructions; or (iii) as otherwise required to enforce information system security policy.\n
Changes from Rev 4
Title changed from 'Security Attributes' Adds privacy to parameters Adds control text for auditing changes to attributes Adds control text and parameters for reviewing security and privacy attributes at a specified frequency Discussion includes new attributes and incorporates discussion about security attribute binding from withdrawn control AC-4(18)
Enhancements
(0) None.\n