Top Threats

NIST SP 800-47 Rev. 1 Managing the Security of Information Exchanges

  • 1.  NIST SP 800-47 Rev. 1 Managing the Security of Information Exchanges

    Posted Jul 21, 2021 02:06:00 AM
      |   view attached
    Hi All,

    @Kurt Seifried

    NIST just published SP 800-47 Rev. 1 Managing the Security of Information Exchanges

    Organizations have a mission and business-based needs to exchange or share information with one or more internal or external organizations via various information exchange channels. In order to protect the confidentiality, integrity, and availability of the information commensurate with risk, the information being exchanged requires protection at the same or similar levels as it moves from one organization to another. 

    NIST Special Publication (SP) 800-47, Revision 1, Managing the Security of Information Exchanges, provides guidance on identifying information exchanges; considerations for protecting exchanged information before, during, and after the exchange commensurate with risk; and sample templates of the agreements needed to manage the protection of the exchanged information. Rather than focus on any particular type of technology-based connection or information access, this publication has been updated to define the scope of information exchange, describe the benefits of securely managing information exchange, identify types of information exchanges, discuss potential security risks associated with information exchange, and detail a four-phase methodology to securely manage information exchange between systems and organizations. This document also recommends steps for each phase of the methodology with an emphasis on the security measures necessary to protect the shared data.




    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------