CCI-000257

The organization authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements.

Implementation Guidance

The organization being inspected/assessed will develop and certify, by appropriate signatures (e.g. AO, network managers), Interconnection Security Agreements (e.g., MOU, MOA, SLA) authorizing the connection of its information systems to other information systems. Policy Note: Interconnection security agreements are required for systems connecting between enclaves that require the hosting enclave to enable PPS outside of their already established and approved business practices. Connections can include both DoD enclaves or non DoD enclaves.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documentation of the Interconnection Security Agreements to include appropriate signatures. Policy Note: Interconnection security agreements are required for systems connecting between enclaves that require the hosting enclave to enable PPS outside of their already established and approved business practices. Connections can include both DoD enclaves or non DoD enclaves.

Compelling Evidence

1.) Signed and dated MOU, MOA and/or Interconnection Security Agreements

The controls below (if any) were marked by NIST as being related to CCI-000257.