Re: [PATCH 09/26] Mapped CCI-000028 to requirement_unclear.

On 6/29/12 5:45 PM, Willy Santos wrote: SRG-OS-000012 CCI-000028 The operating system must prevent encrypted data from bypassing content checking mechanisms. Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and without explicit regard to subsequent accesses to the information. _When data is encrypted, mechanisms designed to examine data content to detect attacks or malicious code are unable to accomplish this task unless they are capable of unencrypting the data._ So... this requirement wants to the OS to mysteriously decrypt the data, pass it through an inspection tool, then re-encrypt it. My vote is /both/ unmet_impractical_guidance and unmet_impractical_product on this one.