AC-21: Information Sharing

authorized users are enabled to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for information-sharing circumstances ;

automated mechanisms are employed to assist users in making information-sharing and collaboration decisions.

Access control policy

procedures addressing user-based collaboration and information sharing (including restrictions)

system design documentation

system configuration settings and associated documentation

list of users authorized to make information-sharing/collaboration decisions

list of information-sharing circumstances requiring user discretion

non-disclosure agreements

acquisitions/contractual agreements

system security plan

privacy plan

privacy impact assessment

security and privacy risk assessments

other relevant documents or records

Organizational personnel responsible for information-sharing/collaboration decisions

organizational personnel with responsibility for acquisitions/contractual agreements

system/network administrators

organizational personnel with information security and privacy responsibilities

Automated mechanisms or manual process implementing access authorizations supporting information-sharing/user collaboration decisions