 |
Interconnection Security Agreements
| 1.0 | Identification Data |
| 1.1 | BSP Number |
| 00010 | |
| 1.2 | BSP Title/Name |
| How Interconnection Security Agreements are used at the US Customs | |
| 1.3 | Adoption Date |
| 08/25/2000 | |
| 1.4 | Version Number |
| 1 | |
| 1.5 | Approving Authority |
| 1.6 | Responsible Organization |
| U.S. Customs, Information Systems Security Branch | |
| 1.7 | Level of BSP |
| 1.8 | Security Processes or other Framework(s) Supported |
| Framework(s): Security Process Framework NIST
800-14 (para. 3.2.1) Security Process Area(s): Security Program Management Security Subprocess(es): Capture security view of system operation Establish liaison with internal and external organizations |
|
| 1.9 | Reserved |
| 1.10 | Points of Contact |
| Government BSP Owner: Mr. John M. Buckley U.S. Customs 7681 Boston Boulevard Springfield, VA 22153 V: 703-921-6365 F: 703-921-6570 John.M.Buckley@customs.treas.gov |
|
| 2.0 | What This BSP Does |
| 2.1 | BSP's Purpose |
| The Interconnection Security Agreement (ISA) documents and formalizes the interconnection of two systems owned by two different organizations. It specifies the requirement, and more specifically, the security safeguards for the systems being interconnected. It is then adjudicated and signed by the respective designated Accrediting Authority from those two organizations. | |
| 2.2 | Requirements for this BSP |
| An ISA is used to support a Memorandum of Understanding (MOU) that establishes the requirements for data exchange between two organizations. The MOU is used to document the business requirement and all the legal jargon necessary to support the business relations between the two organizations. The MOU should not include technical details on how the interconnection is consummated, that is the function of the ISA. An ISA is a distinct security-related document that outlines the technical solution and security requirements for the interconnection. It does not replace an MOU. As older MOUs are updated, they should be changed to refer to the appropriate ISA covering the connectivity addressed by the MOU. Use of the ISA is compliant with other elements of the Federal Government. | |
| 2.3 | Success Stories |
| One of the neatest things about an ISA is once all the ISAs for an organization are completed, it is then possible to create a database that show all the connections that an organization has with all other "outsider" organizations. Typically, this is something that is lost in larger organizations with a multitude of connections. | |
| 3.0 | What This BSP Is |
| 3.1 | Description of BSP |
| An ISA is a distinct security-related document that outlines the technical solution and security requirements for the interconnection. It does not replace an MOU. As older MOUs are updated, they should be changed to refer to the appropriate ISA covering the connectivity addressed by the MOU. Use of the ISA is compliant with other elements of the Federal Government. An example of an ISA is provided in the attached file. |
| 3.2 | Relationship to Other BSPs |
| Relationships will be identified as additional BSPs are catalogued. | |
| 4.0 | How To Use This BSP |
| 4.1 | Implementation Guidance |
| See the attached implementation guidance document. | |
| 4.2 | Implementation Resource Estimates |
| Accomplished by the Computer Security Officer as part of the accreditation of a system. | |
| 4.3 | Performance Goals and Indicators (Metrics) |
| Not applicable. | |
| 4.4 | Tools |
| None. | |
| 4.5 | Training Materials |
| None. | |
| Appendices | |
| A | Executive Overview and Briefing |
| None | |
| B | Reference List |
| Not applicable. | |
| C | Procurement Information |
| Not applicable. | |
| D | Evaluation Information |
| Not applicable. | |
| E | Recommended Changes |
| Not applicable. | |
| F | Glossary |
| .ISA: Interconnection Security Agreement | |