Hi All,
NIST Special Publication (SP) 800-47, Revision 1, Managing the Security of Information Exchanges, provides guidance on identifying information exchanges; risk-based considerations for protecting exchanged information before, during, and after the exchange; and example agreements for managing the protection of the exchanged information.
Rather than focus on any particular type of technology-based connection or information access, this draft publication has been updated to define the scope of information exchange, describe the benefits of securely managing the information exchange, identify types of information exchanges, discuss potential security risks associated with information exchange, and detail a four-phase methodology to securely manage information exchange between systems and organizations. Organizations are expected to further tailor the guidance to meet specific organizational needs and requirements.
NIST is specifically interested in feedback on:
- Whether the agreements addressed in the draft publication represent a comprehensive set of agreements needed to manage the security of information exchange.
- Whether the matrix provided to determine what types of agreements are needed is helpful in determining appropriate agreement types.
- Whether additional agreement types are needed, as well as examples of additional agreements.
- Additional resources to help manage the security of information exchange.
A public comment period for this document is open through March 12, 2021. See the publication details for a copy of the draft publication and instructions for submitting comments using the comment template provided.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------