πΌ CA-3 Information Exchange
- Contextual name: πΌ CA-3 Information Exchange
- ID:
/frameworks/nist-sp-800-53-r5/ca/03 - Located in: πΌ CA Assessment, Authorization, And Monitoring
Descriptionβ
a. Approve and manage the exchange of information between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreements; nondisclosure agreements; [Assignment: organization-defined type of agreement]]; b. Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and c. Review and update the agreements [Assignment: organization-defined frequency].
Similarβ
- Internal
- ID:
dec-c-ebd64899
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ CA-3 Information Exchange (L)(M)(H) | 1 | |||
| πΌ FedRAMP Low Security Controls β πΌ CA-3 Information Exchange (L)(M)(H) | ||||
| πΌ NIST CSF v2.0 β πΌ ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained | 45 | |||
| πΌ NIST CSF v2.0 β πΌ PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected | 114 | |||
| πΌ NIST CSF v2.0 β πΌ PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected | 94 | |||
| πΌ NIST CSF v2.0 β πΌ PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected | 108 |