CA-3 Information Exchange
Last Review: 10/1/22
Statement
West Texas A&M University information systems that have connections from the information asset to other information systems outside of the authorization boundary must be authorized and reviewed by the ISO and CIO. WTAMU must monitor information assets connections on an ongoing basis verifying enforcement of security requirements.
Applicability
This control applies to all West Texas A&M information resources. The intended audience for this control includes all information resource owners, custodians, and users of information resources.
Implementation
- All third-party connections to WTAMU information systems will be appropriately reviewed by the resource owner as well as the ISO and CIO.
- These connections shall be governed by one or more of the following: a formal contract, a service level agreement, memo of understanding agreement, software license or interconnection security agreement.
- The agreement should include, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated.
- Agreements and connections shall be reviewed according to University contracting policies.