💼 CA-3 Information Exchange
- ID:
/frameworks/nist-sp-800-53-r5/ca/03
Description​
a. Approve and manage the exchange of information between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreements; nondisclosure agreements; [Assignment: organization-defined type of agreement]]; b. Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and c. Review and update the agreements [Assignment: organization-defined frequency].
Similar​
- Internal
- ID:
dec-c-ebd64899
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 CA-3 Information Exchange (L)(M)(H) | 1 | no data | |||
| 💼 FedRAMP Low Security Controls → 💼 CA-3 Information Exchange (L)(M)(H) | no data | ||||
| 💼 NIST CSF v2.0 → 💼 ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained | 69 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected | 148 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected | 125 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected | 142 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CA-3(1) Information Exchange _ Unclassified National Security System Connections | no data | ||||
| 💼 CA-3(2) Information Exchange _ Classified National Security System Connections | no data | ||||
| 💼 CA-3(3) Information Exchange _ Unclassified Non-national Security System Connections | no data | ||||
| 💼 CA-3(4) Information Exchange _ Connections to Public Networks | no data | ||||
| 💼 CA-3(5) Information Exchange _ Restrictions on External System Connections | no data | ||||
| 💼 CA-3(6) Information Exchange _ Transfer Authorizations | no data | ||||
| 💼 CA-3(7) Information Exchange _ Transitive Information Exchanges | no data |