Description

The university authorizes all dedicated connections from university information resources to other information resources outside of the university through the use of system connection agreements and monitors/controls the connections on an ongoing basis.

Applicability

  • The intended audience includes information resource owners and custodians. This control applies to dedicated connections between information systems (i.e., system interconnections) and does not apply to transitory, user-controlled connections such as email and website browsing.

Implementation

  • 1

    The information resource owner or designee shall:

    • 1.1

      Authorize connections from an information resource to external information resources through the use of Interconnection Security Agreements.

    • 1.2

      Document, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated.

    • 1.3

      Review and update Interconnection Security Agreements annually.

    • 1.4

      Include Interconnection Security Agreements with annual risk assessments.