We recommend that you submit comments using the comment template provided (if possible).

Publication Date: January 2021
Comments Expected: March 12, 2021 (public comment period closed)

A document that regulates the security-related aspects of a planned connection between an organization and an external system. It regulates the security interface between two systems operating under two different authorities. It contains a variety of descriptive, technical, procedural and planning information. It is usually preceded by a formal Memorandum of Understanding/Agreement that defines general roles and responsibilities in managing a cross-domain connection.
Source(s): CNSSI 4009-2015

In this guide, an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the connection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.
Source(s): NIST SP 800-47 under Interconnection Security Agreement (ISA)

Draft SP 800-47 Rev. 1 provides guidance for identifying information exchanges; risk-based considerations for protecting exchanged information before, during and after the exchange; and examples of agreements for managing the protection of the exchanged information.

NOTE: A call for patent claims can be found on page iv of this draft.
For more information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Rather than focusing on a specific type of technology-based connection or method of access to information, this draft publication has been updated to define the scope of information exchange, describe the benefits of securely managing information exchange, identify types of information exchange, discuss potential security risks associated with information exchange, and develop a four-step methodology for securely managing information exchange between systems and organizations. Organizations are expected to further adapt the guidelines to meet specific organizational requirements.

Evaluation, authorization and monitoring; planning; risk assessment; protection of the system and communications.

This publication focuses on managing the protection of information exchanged or accessed before, during and after the exchange, and not on a specific type of technology-based link or method of accessing or exchanging information. It therefore provides guidance for identifying information exchanges, considerations for protecting the exchanged information, and the agreement(s) used to manage the protection of the exchanged information. Organizations are expected to adapt the guidelines to the specific organizational needs and requirements related to the exchange of information.

Comments on specific definitions should be sent to the authors of the linked source publication. For NIST publications, there is usually an email address inside the document.

An organization often has mission and business needs to exchange (share) information with one or more other internal or external organizations through various information exchange channels; however, it is recognized that the information exchanged also requires the same or a similar level of protection when moving from one organization to another (risk-appropriate protection).
Companies often share information through various information exchange channels based on their mission and business requirements.
To protect the confidentiality, integrity and availability of exchanged information in a risk-based manner, the information must be protected at the same or a similar level when moving from one organization to another.

Continuous monitoring of security and confidentiality; planning; risk assessment.

Laws and regulations: Federal Information Security Modernization Act; OMB Circular A-130.

Document history:
January 26, 2021: SP 800-47 Rev. 1 (Draft)
July 20, 2021: SP 800-47 Rev. 1 (Final)

Publication: SP 800-47 Rev. 1 (Draft) (DOI); local download.

Kelley Dempsey (NIST), Victoria Pillitteri (NIST), Andrew Regenscheid (NIST). Tim Grance (NIST), Joan Hash (NIST), Steven Peck (BAH), Jonathan Smith (BAH), Karen Korow-Diks (BAH).