CA-3.6: Transfer Authorizations

Access control policy

procedures addressing system connections

system and communications protection policy

system interconnection agreements

information exchange security agreements

memoranda of understanding or agreements

service level agreements

non-disclosure agreements

system design documentation

system configuration settings and associated documentation

control assessment report

system audit records

system security plan

privacy plan

other relevant documents or records

Organizational personnel with responsibilities for managing connections to external systems

network administrators

organizational personnel with information security and privacy responsibilities

Mechanisms implementing restrictions on external system connections