Policy 639: External Information Systems establishes responsibilities to ensure connections to information systems external to state systems are documented and properly secured.
Standard 639S1: External System Connections outlines an enterprise approach for establishing and maintaining external connections. This is accomplished by setting clear requirements for planning, establishing, maintaining, and terminating connections between systems that are owned and operated by different organizations.
These documents will replace the following ISD legacy documents:
- Policy 639 replaces legacy Policy 641: External Connections
- Standard 639S1 replaces legacy Standard 641S1: Interconnecting IT Systems
Risks addressed in this policy and standard include:
- Maintaining secure external connections to outside entities to enable agencies to operate effectively
- Establishing requirements for a baseline that provides an effective practice for planning, establishing, maintaining, and terminating interconnections
These documents address the following NIST SP 800-53 security controls and apply organization-defined parameters that are consistent with IRS Publication 1075:
- AC-20: Use of External Information Systems
- AC-20(1): Limits on Authorized Use
- AC-20(2): Portable Storage Devices
- AC-20(3): Non-Organizationally Owned Systems / Components / Devices
- CA-3: System Interconnections
- CM-7: Least Functionality
View or Download: