|
controlCA-3
Information Exchange (CA-3)
Approve and manage the exchange of information between the system and other systems using [organization-defined]; Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and Review and update the agreements [organization-defined].
Security Baselines
LOWMODERATEHIGH
assessmentauthorizationmonitoring
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports17
These related controls work together — a change to one may affect the others.
Enhances7
These enhancements add specific capabilities or refinements to the base control.
Related Controls(13)
AC-4Information Flow Enforcement (AC-4)
MH
AC-17Remote Access (AC-17)LMH
AC-20Use of External Systems (AC-20)LMH
AU-16Cross-organizational Audit Logging (AU-16)CA-6Authorization (CA-6)LMH
IA-3Device Identification and Authentication (IA-3)MH
IR-4Incident Handling (IR-4)LMH
PL-2System Security and Privacy Plans (PL-2)LMH
PT-7Specific Categories of Personally Identifiable Information (PT-7)RA-3Risk Assessment (RA-3)LMH
SA-9External System Services (SA-9)LMH
SC-7Boundary Protection (SC-7)LMH
SI-12Information Management and Retention (SI-12)LMH
Control Enhancements(7)
CA-3(1)Unclassified National Security System Connections (CA-3(1))WCA-3(2)Classified National Security System Connections (CA-3(2))WCA-3(3)Unclassified Non-national Security System Connections (CA-3(3))WCA-3(4)Connections to Public Networks (CA-3(4))WCA-3(5)Restrictions on External System Connections (CA-3(5))WCA-3(6)Transfer Authorizations (CA-3(6))
H
CA-3(7)Transitive Information Exchanges (CA-3(7))