AC-4(18) — Security Attribute Binding

Security attribute binding means that security labels are cryptographically bound to the data — they cannot be removed or altered without detection. The label is part of the data, not just metadata that can be stripped.

Example 1: Use Microsoft Information Protection with encryption-backed labels. When a label is applied, the document is encrypted with Azure RMS, and the label becomes inseparable from the content. Even if someone renames the file, the protection travels with it.

Example 2: For data in transit, use digital signatures (S/MIME or PGP) on emails containing sensitive data. The signature binds the sender's identity and the message integrity together — any modification to the content after signing will be detected by the recipient.