Connection Segregation. In accordance with the Standard Reinsurance Agreement (SRA), AIPs will implement Information Security and Privacy controls at a moderate impact security categorization level. At a minimum, AIPs will implement the Basic Security Requirements outlined in NIST SP 800-171. NIST SP 800-171 focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations, and recommends specific security requirements to achieve that objective. The basic security requirements apply only to components of nonfederal systems that process, store, or transmit CUI, or that provide security protection for such components.
Connection Segregation. <<RO Code or Acronym>> infrastructure and applications will be sufficiently segregated to ensure a vulnerability cannot be exploited between RMA and the <<RO Code or Acronym>>’s systems. Further, <<RO Code or Acronym>> will ensure that only staff who are authorized to access the applications above will have access to the interconnection. All users and administrators will protect the information transmitted in accordance with all required laws, regulations, NIST guidance, and agreements with RMA.
Connection Segregation. If the two systems being connected have different FIPS 199 categorizations, how are the systems going to be segregated to ensure that a vulnerability that could be exploited on the lower categorized system cannot be used to compromise the higher categorized system? Firewall rules will be set up and enforced to ensure that only necessary services are accessible.