Navigate

CCI-003865

CCI-003865 Definition

Identify transitive (downstream) information exchanges with other systems through the systems identified in CA-3a.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if transitive (downstream) information exchanges with other systems through the systems identified in CA-03a are identified.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing system connections; system and communications protection policy; system interconnection agreements; information exchange security agreements; memoranda of understanding or agreements; service level agreements; non-disclosure agreements; system design documentation; system configuration settings and associated documentation; control assessment report; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for managing connections to external systems; network administrators; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms implementing restrictions on external system connections].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003865.

Control	Description
CA-3(7)	(a): Identify transitive (downstream) information exchanges with other systems through the systems identified in [CA-3a](#ca-3_smt.a) ; and (b): Take measures to ensure that transitive (downstream) information exchanges cease when the controls on identified transitive (downstream) systems cannot be verified or validated.