AC-4 (6) - Metadata
Control requirements
- AC-4 (6) - 0
- The information system enforces information flow control based on [Assignment: organization-defined metadata].
Additional IBM Cloud for Financial Services specifications
- This control is required for ISVs.
NIST supplemental guidance
Metadata is information used to describe the characteristics of data. Metadata can include structural metadata describing data structures (e.g., data format, syntax, and semantics) or descriptive metadata describing data contents (e.g., age, location, telephone number). Enforcing allowed information flows based on metadata enables simpler and more effective flow control. Organizations consider the trustworthiness of metadata with regard to data accuracy (i.e., knowledge that the metadata values are correct with respect to the data), data integrity (i.e., protecting against unauthorized changes to metadata tags), and the binding of metadata to the data payload (i.e., ensuring sufficiently strong binding techniques with appropriate levels of assurance).