NIST 800-53 REV 5 • ACCESS CONTROL

AC-4(20)Approved Solutions

Employ {{ insert: param, ac-04.20_odp.01 }} to control the flow of {{ insert: param, ac-04.20_odp.02 }} across security domains.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Organizations define approved solutions and configurations in cross-domain policies and guidance in accordance with the types of information flows across classification boundaries. The National Security Agency (NSA) National Cross Domain Strategy and Management Office provides a listing of approved cross-domain solutions. Contact [ncdsmo@nsa.gov](mailto:ncdsmo@nsa.gov) for more information.

Practitioner Notes

Only use approved, tested solutions for cross-domain data transfer. Homegrown scripts and ad hoc methods are not acceptable for moving data between security boundaries.

Example 1: Maintain a list of approved file transfer tools and methods in your system security plan. Only DISA-approved cross-domain solutions (like ISSE Guard, BAE Systems XTS Guard) should be used for classified transfers. Document the approval authority for each solution.

Example 2: For CUI transfers, restrict external file sharing to approved platforms only — for example, DoD SAFE (Secure Access File Exchange) or an organization-approved SFTP server. Block consumer file-sharing services (Google Drive, Dropbox) at the proxy and firewall level.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management