Automated mechanisms exist to decompose information into policy-relevant subcomponents for submission to policy enforcement mechanisms, when transferring information between different security domains.

Does the organization use automated mechanisms to decompose information into policy-relevant subcomponents for submission to policy enforcement mechanisms, when transferring information between different security domains?