Acrónimos: ISA
Acuerdo entre organizaciones que van a interconectar sus sistemas de información.
Documento que regula los aspectos relevantes para la seguridad de una conexión prevista entre una organización y un sistema externo. Regula la interfaz de seguridad entre dos sistemas que operan bajo dos autoridades diferentes. Incluye una variedad de información descriptiva, aspectos técnicos, de procedimiento, y la planificación. Por lo general, viene después de un acuerdo formal que define las funciones y responsabilidades de alto nivel en la gestión de una conexión entre dominios.
A document that
regulates security-relevant aspects of an intended connection between an agency
and an external system. It regulates the security interface between any two
systems operating under two different distinct authorities. It includes a
variety of descriptive, technical, procedural, and planning information. It is
usually preceded by a formal MOA/MOU that defines high-level roles and
responsibilities in management of a cross-domain connection. [CNSSI_4009:2010]
An Interconnection Security Agreement (ISA) is an agreement established between the organizations that own and operate connected information systems to document the technical requirements of the interconnection. The ISA is a security document that specifies the requirements for connecting the information systems, describes the security controls that will be used to protect the systems and data, and contains a topographical drawing of the interconnection. It is a commitment between the owners of two systems to abide by specific rules of behavior. These rules are discretionary and should be based on risk. [NIST-SP800-100:2006]
Temas relacionados