CCI-000258

Implementation Guidance

Determine if: - the interface characteristics are documented as part of each exchange agreement. - security requirements are documented as part of each exchange agreement. - privacy requirements are documented as part of each exchange agreement. - controls are documented as part of each exchange agreement. - responsibilities for each system are documented as part of each exchange agreement. - the impact level of the information communicated is documented as part of each exchange agreement.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing system connections; system and communications protection policy; system interconnection security agreements; information exchange security agreements; memoranda of understanding or agreements; service level agreements; non-disclosure agreements; system design documentation; enterprise architecture; system architecture; system configuration settings and associated documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for developing, implementing, or approving system interconnection agreements; organizational personnel with information security and privacy responsibilities; personnel managing the system(s) to which the interconnection security agreement applies].