CA-9: Internal System Connections

NIST Baseline:  Low 

DIR Required By:  07/20/2023 

Review Date:  06/26/2024

• Information resource owners or their designee are responsible for: 
  • Authorizing internal interconnections (internal connections for a class of components with common characteristics and/or configurations may be authorized as a group);  
  • Ensuring internal connections are documented including:  
    • Purpose of the connection.  
    • Nature of the information communicated based on the Texas A&M University System (TAMUS) data classification and the Federal Information Processing Standards (FIPS) 199 impact levels.  
    • Interface characteristics including host names or IP addresses, data transfer method, ports, and protocols.  
    • Security requirements and other relevant details about how the information is protected (e.g. authentication, encryption, and firewall rules).  
    • Data transfer frequency.  
  • Ensuring that internal interconnections are reviewed periodically to update documentation and terminate connections that are not in use. 

---

References/Additional Resources

FIPS 199

TAMUS data classification