System Interconnections | CA-3

Description

The designated IT department authorizes all dedicated connections from the organization's information resources to external information systems. Generally, connections are in scope if they are dedicated and (semi)-permanent. This control does not apply to user-controlled, transitory connections (such as email, or website browsing).

• Interconnection security agreements for non-publicly accessible information must be established with all outside information providers/consumers.
• Interconnections must be approved by the Cybersecurity Manager or their designee and the Chief Information & Technology Officer's designee for the information resource.

Last updated: 5/12/2026