CCI-000259

Implementation Guidance

The organization being inspected/assessed will, for each interconnection, identify and document any additional security controls to be implemented to protect the confidentiality, integrity, and availability of the connected systems and the data passing between them. Controls should be appropriate for the systems to be connected and the environment in which the interconnection will operate. Policy Note: Interconnection security agreements are required for systems connecting between enclaves that require the hosting enclave to enable PPS outside of their already established and approved business practices. Connections can include both DoD enclaves or non DoD enclaves.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines interconnection security agreement documentation, specifically looking at any additional security controls identified for implementation. Policy Note: Interconnection security agreements are required for systems connecting between enclaves that require the hosting enclave to enable PPS outside of their already established and approved business practices. Connections can include both DoD enclaves or non DoD enclaves.

Compelling Evidence

1.) Signed and dated Interconnection Security Agreement referencing section for additional security controls 2.) Signed and dated network diagram