NIST SP 800-53r1
A mechanism limiting the exchange of information between information systems or subsystems.
NIST SP 800-53r2
A mechanism limiting the exchange of information between information systems or subsystems. (CNSS Inst. 4009, Adapted)
Guards are distinguished from firewalls in three major ways:
a. Guards have an application filtering capability that is much stronger than a typical application filtering firewall. Guards use a reclassifier application to control what data is passed from one enclave to another. The reclassifier application uses a collection of filters to review application data content.
b. Guard software is generally developed to meet higher assurance requirements.
c. Guards undergo a much more extensive test and evaluation (e.g., source code analysis, unconstrained penetration testing, and design documentation review) to provide a significantly higher level of confidence that they will operate correctly.