CA-9 Internal System Connection

Description

The university has a procedure for authorizing internal interfaces between information resources.

Applicability

• The intended audience includes information resource owners and custodians. This control applies to dedicated internal connections between information systems (i.e., intra-system connections) and does not apply to transitory, user-controlled connections such as email and website browsing.

Implementation

• 1 - The information resource owner or designee shall:

  • 1.1 - Authorize intra-system connections of university information resources.
  • 1.2 - Document, for each intra-system connection, the interface characteristics, security requirements, and the nature of the information communicated.