Dempsey, K.
, Pillitteri, V.
and Regenscheid, A.
(2021),
Managing the Security of Information Exchanges, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-47r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932582
(Accessed April 26, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Managing the Security of Information Exchanges
Published
Author(s)
, ,
Abstract
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged also requires the same or similar level of protection as it moves from one organization to another (protection commensurate with risk). This publication focuses on managing the protection of the information being exchanged or accessed before, during, and after the exchange, and provides guidance on identifying information exchanges, considerations for protecting exchanged information, and the agreement(s) needed to help manage the risk associated with exchanging information. This publication does not provide implementation guidance on any particular type of technology-basd connection or information access or exchange method. Organizations are expected to tailor the guidance to meet specific organizational needs and requirements regarding the information exchange.Citation
Special Publication (NIST SP) - 800-47rev1
Report Number
800-47rev1
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
agreements, connection, information exchange, information exchange agreement, interconnection, interconnection security agreement, memoranda of agreement, memoranda of understanding, nondisclosure agreement, protection requirements, risk management, service level agreement, user agreement.
Citation
Created July 20, 2021, Updated November 29, 2022