Acrónimos: ISA
Acuerdo entre organizaciones que van a interconectar
sus sistemas de información.
Documento que regula los aspectos relevantes para la
seguridad de una conexión prevista entre una organización y un sistema externo.
Regula la interfaz de seguridad entre dos sistemas que operan bajo dos
autoridades diferentes. Incluye una variedad de información descriptiva, aspectos
técnicos, de procedimiento, y la planificación. Por lo general, viene después
de un acuerdo formal que define las funciones y responsabilidades de alto nivel
en la gestión de una conexión entre dominios.
A document that regulates
security-relevant aspects of an intended connection between an agency and an
external system. It regulates the security interface between any two systems
operating under two different distinct authorities. It includes a variety of
descriptive, technical, procedural, and planning information. It is usually
preceded by a formal MOA/MOU that defines high-level roles and responsibilities
in management of a cross-domain connection. [CNSSI_4009:2010]
An Interconnection Security
Agreement (ISA) is an agreement established between the organizations that own
and operate connected information systems to document the technical
requirements of the interconnection. The ISA is a security document that
specifies the requirements for connecting the information systems, describes
the security controls that will be used to protect the systems and data, and
contains a topographical drawing of the interconnection. It is a commitment
between the owners of two systems to abide by specific rules of behavior. These
rules are discretionary and should be based on risk. [NIST-SP800-100:2006]