NIST 800-53 REV 5 • ACCESS CONTROL

AC-4(3) Dynamic Information Flow Control

Enforce {{ insert: param, ac-04.03_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Organizational policies regarding dynamic information flow control include allowing or disallowing information flows based on changing conditions or mission or operational considerations. Changing conditions include changes in risk tolerance due to changes in the immediacy of mission or business needs, changes in the threat environment, and detection of potentially harmful or adverse events.

Practitioner Notes

Dynamic information flow control means the rules can change in real time based on policy updates or threat conditions. The system adapts how data flows without requiring manual firewall changes.

Example 1: On a Palo Alto next-gen firewall, enable Dynamic Address Groups that pull threat intelligence feeds. When a destination IP is flagged as malicious, the firewall automatically blocks data flow to that address — no manual rule change needed.

Example 2: In Azure Sentinel, create an automated playbook (Logic App) that triggers on a high-severity alert and automatically updates NSG rules to block the offending IP or isolate the affected subnet. The flow control changes happen within seconds of detection.
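The decision logic behind both examples, as an added sketch that is not part of the original page and is not Palo Alto or Azure code: the same flow gets a different verdict as a detection event arrives, the indicator expires, and the threat level is raised. The `FlowPolicy` class, the two-level threat scale, the block TTL and the protected list that automation may not block are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class FlowPolicy:
    """Flow decisions recomputed from current conditions on every check."""
    threat_level: str = "normal"                  # assumed scale: "normal" / "elevated"
    essential: set = field(default_factory=set)   # networks still allowed when elevated
    protected: set = field(default_factory=set)   # networks automation may never block
    blocked: dict = field(default_factory=dict)   # network -> expiry (epoch seconds)

    def flag(self, cidr, now, ttl=3600):
        """Threat-feed or alert input: block a destination until now + ttl."""
        net = ipaddress.ip_network(cidr)
        if any(net.overlaps(p) for p in self.protected):
            return False   # refused: a bad indicator must not cut off a protected service
        self.blocked[net] = now + ttl
        return True

    def decide(self, dst, now):
        """Return (allowed, reason) for a flow to dst under current conditions."""
        addr = ipaddress.ip_address(dst)
        # Drop expired dynamic blocks so stale indicators do not accumulate.
        self.blocked = {n: t for n, t in self.blocked.items() if t > now}
        for net in self.blocked:
            if addr in net:
                return (False, f"dynamic block {net}")
        if self.threat_level == "elevated" and not any(addr in n for n in self.essential):
            return (False, "elevated threat level: non-essential flow")
        return (True, "allowed")

def demo():
    """Constructed scenario using RFC 5737 documentation addresses."""
    p = FlowPolicy(essential={ipaddress.ip_network("198.51.100.0/24")},
                   protected={ipaddress.ip_network("192.0.2.53/32")})
    out = [p.decide("203.0.113.7", now=0)]          # baseline
    p.flag("203.0.113.7/32", now=0, ttl=600)        # detection event
    out.append(p.decide("203.0.113.7", now=10))     # blocked while indicator is live
    out.append(p.decide("203.0.113.7", now=601))    # block has expired
    p.threat_level = "elevated"                     # risk tolerance tightened
    out.append(p.decide("203.0.113.7", now=700))    # non-essential flow denied
    out.append(p.decide("198.51.100.10", now=700))  # essential flow still allowed
    out.append(p.flag("192.0.2.0/24", now=700))     # overlaps protected host: refused
    return out

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The refusal path in `flag` is the part worth auditing in a real deployment: every automated block that is rejected or applied should be logged so assessors can see which condition changed the flow decision.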