NIST 800-53 REV 5 • ACCESS CONTROL
AC-4(30) — Filter Mechanisms Using Multiple Processes
When transferring information between different security domains, implement content filtering mechanisms using multiple processes.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
The use of multiple processes to implement content filtering mechanisms reduces the likelihood of a single point of failure.
Practitioner Notes
Running filters as separate processes or on separate systems adds resilience. If one filter process crashes or is compromised, the others continue operating independently.
Example 1: Run your antivirus engine, DLP scanner, and sandbox detonation service as separate containerized microservices. If the AV container crashes, the DLP and sandbox containers continue processing. Use Kubernetes health checks to restart failed containers automatically.
Example 2: Deploy your email filtering on separate physical or virtual appliances — one for spam filtering (Proofpoint), one for malware scanning (FireEye EX), and one for DLP (Symantec DLP). Each operates independently, and a failure in one does not disable the others.
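The process isolation described in the Practitioner Notes, as an added example that is not part of the original page: each filter runs in its own OS process, so a crash in one still leaves the others returning verdicts. The filter names, markers, exit codes and the fail-closed release rule are assumptions made for this illustration.

```python
import subprocess
import sys

PASS, BLOCK = 0, 10  # exit codes the constructed filters use; anything else = no verdict

# Constructed stand-in filters (not real products): each is a tiny program
# that reads the payload on stdin and runs in its own OS process.
FILTERS = {
    "malware": "import sys; d = sys.stdin.buffer.read(); "
               "sys.exit(10 if b'TEST-MALWARE-MARKER' in d else 0)",
    "dlp": r"import re, sys; d = sys.stdin.buffer.read(); "
           r"sys.exit(10 if re.search(rb'\b\d{3}-\d{2}-\d{4}\b', d) else 0)",
    "filetype": "import sys; d = sys.stdin.buffer.read(); "
                "sys.exit(10 if d[:2] == b'MZ' else 0)",
}


def run_filters(payload, filters=FILTERS, timeout=10.0):
    """Start every filter as a separate process and collect one verdict each."""
    procs = {
        name: subprocess.Popen([sys.executable, "-c", code],
                               stdin=subprocess.PIPE, stderr=subprocess.DEVNULL)
        for name, code in filters.items()
    }
    verdicts = {}
    for name, proc in procs.items():
        try:
            proc.communicate(payload, timeout=timeout)
            verdicts[name] = {PASS: "pass", BLOCK: "block"}.get(proc.returncode, "error")
        except subprocess.TimeoutExpired:
            proc.kill()  # a hung filter is treated like a crashed one
            proc.wait()
            verdicts[name] = "error"
    return verdicts


def release_allowed(verdicts):
    # Assumption added here (the page does not state it): fail closed, so a
    # crashed filter withholds the transfer instead of silently skipping a check.
    return all(v == "pass" for v in verdicts.values())


if __name__ == "__main__":
    # Constructed failure: the malware filter crashes, the other two still answer.
    broken = dict(FILTERS, malware="raise RuntimeError('constructed crash')")
    print(run_filters(b"SSN 123-45-6789", broken))
```
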