CA-03 Information System Connections

Control: The organization authorizes all connections from the information system to other information systems outside of the accreditation boundary through the use of system connection agreements and monitors/controls the system connections on an ongoing basis.

Supplemental Guidance: Since FIPS 199 security categorizations apply to individual information systems, the organization carefully considers the risks that may be introduced when systems are connected to other information systems with different security requirements and security controls, both within the organization and external to the organization. Risk considerations also include information systems sharing the same networks. NIST Special Publication 800-47 provides guidance on connecting information systems. Related security controls: SC-7, SA-9.

Control Enhancements: (0) None.

Baseline: LOW CA-3 MOD CA-3 HIGH CA-3

Family: Certification, Accreditation, And Security Assessments

Class: Management

ISO 17799 mapping: 10.6.2, 10.9.1, 11.4.5, 11.4.6, 11.4.7

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: 1.1.5, 1.1.6