The National Institute of Standards and Technology (NIST) has issued NIST SP 800-47 Rev. 1, "Managing the Security of Information Exchanges."
The Special Publication (SP) 800-47 Rev. 1 provides “guidance for planning, establishing,
maintaining, and discontinuing information exchange and access between systems that are owned and
operated by different organizations (internal or external) or that cross authorization boundaries.”
From the abstract of SP 800-47 Rev. 1:
An organization often has mission and business-based needs to exchange (share) information with one
or more other internal or external organizations via various information exchange channels. However, it
is recognized that the information being exchanged also requires the same or similar level of protection
as it moves from one organization to another (protection commensurate with risk).
This publication focuses on managing the protection of the information being exchanged or accessed
before, during, and after the exchange and provides guidance on identifying information exchanges,
considerations for protecting exchanged information, and the agreement(s) needed to help manage the
risk associated with exchanging information. This publication does not provide implementation guidance
on any particular type of technology-based connection, information access, or exchange method.
Organizations are expected to tailor the guidance to meet specific organizational needs and
requirements regarding the information exchange.