Skip to main content

πŸ’Ό CA-3 Information Exchange

Description​

a. Approve and manage the exchange of information between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreements; nondisclosure agreements; [Assignment: organization-defined type of agreement]]; b. Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and c. Review and update the agreements [Assignment: organization-defined frequency].

Similar​

  • Internal
    • ID: dec-c-ebd64899

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό CA-3 Information Exchange (L)(M)(H)1
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό CA-3 Information Exchange (L)(M)(H)
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained31
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected82
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected69
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected67

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CA-3(1) Information Exchange _ Unclassified National Security System Connections
πŸ’Ό CA-3(2) Information Exchange _ Classified National Security System Connections
πŸ’Ό CA-3(3) Information Exchange _ Unclassified Non-national Security System Connections
πŸ’Ό CA-3(4) Information Exchange _ Connections to Public Networks
πŸ’Ό CA-3(5) Information Exchange _ Restrictions on External System Connections
πŸ’Ό CA-3(6) Information Exchange _ Transfer Authorizations
πŸ’Ό CA-3(7) Information Exchange _ Transitive Information Exchanges