E.3.4 Information flow enforcement
Control Details
Objective
Limit the information flow across trust boundaries to participants in the supply chain
Definition
Specify how information flow across trust boundaries is enforced to ensure only the required information is communicated to participants in the supply chain, including but not limited to suppliers, developers, system integrators, and external system providers. Requirements for transmission confidentiality and integrity are integrated into agreements with suppliers. The degree of protection should be based on the sensitivity of the information. Security mechanisms such as authentication, authorization, and encryption can be used to achieve enterprise confidentiality and integrity requirements.
Assessment Questions
- How is information flow enforced to ensure only the required information is communicated across trust boundaries to participants in the supply chain through mechanisms that ensure transmission confidentiality and integrity?
- What kind of requirements for transmission confidentiality and integrity are integrated into agreements with suppliers?
Reference sources
- 800-161 AC-4, SC-8