IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Interconnection Security Agreements

1.0 Identification Data
1.1 BSP Number
00010
1.2 BSP Title/Name
How Interconnection Security Agreements are used at the US Customs
1.3 Adoption Date
08/25/2000
1.4 Version Number
1
1.5 Approving Authority
1.6 Responsible Organization
U.S. Customs, Information Systems Security Branch
1.7 Level of BSP
1.8 Security Processes or other Framework(s) Supported
Framework(s): Security Process Framework NIST 800-14 (para. 3.2.1)
   Security Process Area(s): Security Program Management
       Security Subprocess(es): Capture security view of system operation Establish liaison with internal and external organizations
1.9 Reserved
1.10 Points of Contact
Government BSP Owner:
Mr. John M. Buckley
U.S. Customs
7681 Boston Boulevard
Springfield, VA 22153
V: 703-921-6365
F: 703-921-6570
John.M.Buckley@customs.treas.gov
2.0 What This BSP Does
2.1 BSP's Purpose
The Interconnection Security Agreement (ISA) documents and formalizes the interconnection of two systems owned by two different organizations. It specifies the requirement, and more specifically, the security safeguards for the systems being interconnected. It is then adjudicated and signed by the respective designated Accrediting Authority from those two organizations.
2.2 Requirements for this BSP
An ISA is used to support a Memorandum of Understanding (MOU) that establishes the requirements for data exchange between two organizations. The MOU is used to document the business requirement and all the legal jargon necessary to support the business relations between the two organizations. The MOU should not include technical details on how the interconnection is consummated, that is the function of the ISA. An ISA is a distinct security-related document that outlines the technical solution and security requirements for the interconnection. It does not replace an MOU. As older MOUs are updated, they should be changed to refer to the appropriate ISA covering the connectivity addressed by the MOU. Use of the ISA is compliant with other elements of the Federal Government.
2.3 Success Stories
One of the neatest things about an ISA is once all the ISAs for an organization are completed, it is then possible to create a database that show all the connections that an organization has with all other "outsider" organizations. Typically, this is something that is lost in larger organizations with a multitude of connections.
3.0 What This BSP Is
3.1 Description of BSP
An ISA is a distinct security-related document that outlines the technical solution and security requirements for the interconnection. It does not replace an MOU. As older MOUs are updated, they should be changed to refer to the appropriate ISA covering the connectivity addressed by the MOU. Use of the ISA is compliant with other elements of the Federal Government. An example of an ISA is provided in the attached file.
3.2 Relationship to Other BSPs
Relationships will be identified as additional BSPs are catalogued.
4.0 How To Use This BSP
4.1 Implementation Guidance
See the attached implementation guidance document.
4.2 Implementation Resource Estimates
Accomplished by the Computer Security Officer as part of the accreditation of a system.
4.3 Performance Goals and Indicators (Metrics)
Not applicable.
4.4 Tools
None.
4.5 Training Materials
None.
Appendices
A Executive Overview and Briefing
None
B Reference List
Not applicable.
C Procurement Information
Not applicable.
D Evaluation Information
Not applicable.
E Recommended Changes
Not applicable.
F Glossary
.ISA: Interconnection Security Agreement