CCI-003862

Approve and manage the exchange of information between the system and other systems using interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreement; and/or nondisclosure agreements with an organization-defined type of agreement.

Implementation Guidance

Determine if the exchange of information between the system and other systems is approved and managed using [CA-03_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreements; non-disclosure agreements; [CA-03_ODP[02]; the type of agreement used to approve and manage the exchange of information is defined (if selected)]}].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing system connections; system and communications protection policy; system interconnection security agreements; information exchange security agreements; memoranda of understanding or agreements; service level agreements; non-disclosure agreements; system design documentation; enterprise architecture; system architecture; system configuration settings and associated documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for developing, implementing, or approving system interconnection agreements; organizational personnel with information security and privacy responsibilities; personnel managing the system(s) to which the interconnection security agreement applies].

The controls below (if any) were marked by NIST as being related to CCI-003862.