U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Managing the Security of Information Exchanges: NIST Publishes SP 800-47, Rev. 1
July 20, 2021

Organizations have mission and business-based needs to exchange or share information with one or more internal or external organizations via various information exchange channels. In order to protect the confidentiality, integrity, and availability of the information commensurate with risk, the information being exchanged requires protection at the same or similar levels as it moves from one organization to another. 

NIST Special Publication (SP) 800-47 Revision 1, Managing the Security of Information Exchanges, provides guidance on identifying information exchanges; considerations for protecting exchanged information before, during, and after the exchange commensurate with risk; and sample templates of the agreements needed to manage the protection of the exchanged information. Rather than focus on any particular type of technology-based connection or information access, this publication has been updated to define the scope of information exchange, describe the benefits of securely managing information exchange, identify types of information exchanges, discuss potential security risks associated with information exchange, and detail a four phase methodology to securely manage information exchange between systems and organizations. This document also recommends steps for each phase of the methodology with an emphasis on the security measures necessary to protect the shared data.

For any questions, please contact sec-cert@nist.gov.

Created July 20, 2021