Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Guide for Interconnecting Information Technology Systems

Published

Author(s)

Timothy Grance, Joan Hash, Steven Peck, Jonathan Smith, Karen Korow-Diks

Abstract

The Security Guide for Interconnecting Information Technology Systems provides guidance for planning, establishing, maintaining, & terminating interconnections between information technology (IT) systems that are owned & operated by different organizations. They are consistent with the requirements specified in the Office of Management and Budget (OMB) Circular A-130, Appendix III, for system interconnection and information sharing. A system interconnection is defined as the direct connection of two or more IT systems for the purpose of sharing data & other information resources. The document describes benefits of interconnecting IT systems, defines the basic components of an interconnection, identifies methods & levels of interconnectivity, & discusses potential security risks. The document then presents a ?life-cycle? approach for system interconnections, with an emphasis on security. Four phases are addressed:?Planning the interconnection: the organizations perform preliminary activities; examine technical, security, & administrative issues; & form an agreement governing the management, operation, & use of the interconnection.?Establishing the interconnection: the organizations develop & execute a plan for establishing the interconnection, including implementing or configuring security controls. ?Maintaining the interconnection: the organizations maintain the interconnection after it is established to ensure that it operates properly & securely.?Disconnecting the interconnection: one or both organizations may terminate the interconnection. The termination should be conducted in a planned manner to avoid disrupting the other party?s system. In an emergency, however, one or both organizations may choose to terminate the interconnection immediately. The document provides recommended steps for completing each phase, emphasizing security measures to protect the systems & shared data. The document also contains guides & samples for developing an Interconnection Security Agreement (ISA) & a Memorandum of Understanding/Agreement (MOU/A). The ISA specifies technical & security requirements of the interconnection; the MOU/A defines the responsibilities of the organizations. Finally, the document contains a guide for developing an Implementation Plan to establish the interconnection.
Citation
Special Publication (NIST SP) - 800-47
Report Number
800-47

Keywords

information systems security, interconnecting systems, IT security, SDLC, system development life cycle

Citation

Grance, T. , Hash, J. , Peck, S. , Smith, J. and Korow-Diks, K. (2002), Security Guide for Interconnecting Information Technology Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51032 (Accessed April 16, 2024)
Created September 1, 2002, Updated January 27, 2020