RE: Interagency Security Policy Assistance

[Garry Baker <bakerga () yahoo com>]

some information on the way the DoD does it:

https://snap.dod.mil/cap_index.cfm

http://www.dtic.mil/cjcs_directives/cdata/unlimit/6211_02.pdf


--- "Hornsby, Steven W. (CMS/OFM)"
<Steven.Hornsby () CMS hhs gov> wrote:

> Rico,
>
> You may want to have a system interconnection
> policy, that states what
> type of connection can be established and
> information can be shared
> ect... it's also helpful to have a Non- Disclosure
> Agreement(NDA) with
> all parties that connect to your environment if your
> information system
> contains sensitive data.
>
>  
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On Behalf Of Abimbola, Abiola
> Sent: Thursday, March 06, 2008 4:42 AM
> To: Lafosse, Ricardo;
> security-basics () securityfocus com
> Subject: RE: Interagency Security Policy Assistance
>
> Hi Rico ,
>
> You can call the policy 3rd party logical access
> control policy. 
> You should also look into checking for updated anti
> virus products on
> the 3rd party machine, security parch level and for
> the 3rd party to
> sign agreement to your company computer use policy,
> data protection and
> other legislation.
>
> Good luck
>
> Abiola Abimbola
> Information Security Analyst
> BSkyB (England)
> 111-5409
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On Behalf Of Lafosse, Ricardo
> Sent: 05 March 2008 19:54
> To: security-basics () securityfocus com
> Subject: Interagency Security Policy Assistance
>
>
>
> Good Afternoon All,
>
> I am working on creating a security policy that
> specifically dictates
> what specific agencies may enter our network and
> what protocols are
> allowed to enter our network. 
> A little more clarification:
> The specific agencies are directly connected to our
> network with
> firewalls at our borders. 
> I need some suggestions on what to call the policy
> and if it should just
> be a bulleted list or not.
> Thanks for all your inputs,
>
> Cheers,
>
> Rico
>
>
> -----------------------------------------
> Information in this email including any attachments
> may be
> privileged, confidential and is intended exclusively
> for the
> addressee. The views expressed may not be official
> policy, but the
> personal views of the originator. If you have
> received it in error,
> please notify the sender by return e-mail and delete
> it from your
> system. You should not reproduce, distribute, store,
> retransmit,
> use or disclose its contents to anyone.
>
> Please note we reserve the right to monitor all
> e-mail
> communication through our internal and external
> networks.
>
> SKY and the SKY marks are trade marks of British Sky
> Broadcasting
> Group plc and are used under licence. British Sky
> Broadcasting
> Limited (Registration No. 2906991), Sky Interactive
> Limited
> (Registration No. 3554332), Sky-In-Home Service
> Limited
> (Registration No. 2067075) and Sky Subscribers
> Services Limited
> (Registration No. 2340150) are direct or indirect
> subsidiaries of
> British Sky Broadcasting Group plc (Registration No.
> 2247735). All
> of the companies mentioned in this paragraph are
> incorporated in
> England and Wales and share the same registered
> office at Grant
> Way, Isleworth, Middlesex TW7 5QD.    


-- 
Garry L. Baker

"Man is not intended to see through the eyes of another, hear through another's ears nor comprehend with another's 
brain... Therefore depend upon your own reason and judgment and adhere to the outcome of your own investigation…"  
-`Abdu'l-Bahá