Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged also requires the same or similar level of protection as it moves from one organization to another (protection commensurate with risk). This publication focuses on managing the protection of the information being exchanged or accessed before, during, and after the exchange, and provides guidance on identifying information exchanges, considerations for protecting exchanged information, and the agreement(s) needed to help manage the risk associated with exchanging information. This publication does not provide implementation guidance on any particular type of technology-based connection or information access or exchange method. Organizations are expected to tailor the guidance to meet specific organizational needs and requirements regarding the information exchange.
agreements, connection, information exchange, information exchange agreement, interconnection, interconnection security agreement, memoranda of agreement, memoranda of understanding, nondisclosure agreement, protection requirements, risk management, service level agreement, user agreement.
Dempsey, K., Pillitteri, V. and Regenscheid, A., Managing the Security of Information Exchanges, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-47r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932582 (Accessed November 27, 2021)