CA-03 Information System Connections
Security Assessment and Authorization
Description
The organization authorizes all connections from the information system to other information systems outside of the accreditation boundary through the use of system connection agreements and monitors/controls the system connections on an ongoing basis.\n
Supplemental Guidance
Since FIPS 199 security categorizations apply to individual information systems, the organization carefully considers the risks that may be introduced when systems are connected to other information systems with different security requirements and security controls, both within the organization and external to the organization. Risk considerations also include information systems sharing the same networks. NIST Special Publication 800-47 provides guidance on connecting information systems. Related security controls: SC-7, SA-9.\n
Changes from Rev 4
Title changed from 'System Interconnections' Parameter includes a selection of multiple types of agreements Control text adds privacy requirements Discussion expanded to cover responsibilities for each system
Enhancements
(0) None.\n