CA-3(6)

  • Requirement

    Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.

  • Discussion

    To prevent unauthorized individuals and systems from making information transfers to protected systems, the protected system verifies via independent means whether the individual or system attempting to transfer information is authorized to do so. Verification of the authorization to transfer information also applies to control plane traffic (e.g., routing and DNS) and services (e.g., authenticated SMTP relays).

More Info

  • Title

    Information Exchange | Transfer Authorizations
  • Family

    Assessment, Authorization, and Monitoring
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

    AC-2;AC-3;AC-4

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!