CCI-000260

The organization documents, for each interconnection, the nature of the information communicated.

Implementation Guidance

The organization being inspected/assessed will document in the interconnection security agreement the type of information being transferred/transmitted. Characteristics will include but are not limited to: classification, information type (e.g. PII, HIPAA, FOUO, financial data, etc) Policy Note: Interconnection security agreements are required for systems connecting between enclaves that require the hosting enclave to enable PPS outside of their already established and approved business practices. Connections can include both DoD enclaves or non DoD enclaves.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the interconnection security agreement documentation, specifically to identify the type of information being transferred/transmitted. Characteristics will include but are not limited to: classification, information type (e.g. PII, HIPAA, FOUO, financial data, etc) Policy Note: Interconnection security agreements are required for systems connecting between enclaves that require the hosting enclave to enable PPS outside of their already established and approved business practices. Connections can include both DoD enclaves or non DoD enclaves.

Compelling Evidence

1.) Signed and dated Interconnection Security agreement identifying the type of information being transferred/transmitted 2.) Signed and dated network diagram

The controls below (if any) were marked by NIST as being related to CCI-000260.