Notice

01/10/2025: Due to sustained inclement winter weather conditions, all Tarleton State University campuses will remain closed with alternative work locations for employees Friday, Jan. 10. More Information

CA-3: Information Exchange

NIST Baseline: Low

DIR Required By: 07/20/2023

Review Date: 06/26/2024

The Tarleton State University (Tarleton) Office of Innovative Technology Solutions (OITS) authorizes all dedicated connections from Tarleton’s information resources to external information systems. Generally, connections are in scope if they are dedicated and (semi)-permanent. This control does not apply to user-controlled, transitory connections (such as email or website browsing).
- Interconnection security agreements for non-publicly accessible information must be established with all outside information providers/consumers.
- Each exchange agreement must document:
  - The purpose of the connection;
  - The nature of the information communicated including the Texas A&M University System (TAMUS) data classification, and FIPS 199 impact levels;
  - Interface characteristics including host names or IP addresses, data transfer method, ports, and protocols;
  - Security and privacy requirements; and
  - Data transfer frequency.
- The Tarleton CISO is responsible for ensuring that interconnection security agreements are reviewed periodically.

References/Additional Resources

TAMUS data classification