AC-4(16) — Information Transfers on Interconnected Systems

When two organizations connect their networks, the information flow between them needs explicit controls. You cannot just open a tunnel and hope for the best — there must be documented rules about what data can cross the connection.

Example 1: Document all network interconnections in an Interconnection Security Agreement (ISA) and Memorandum of Understanding (MOU). For each connection, define allowed protocols, ports, and data types on your boundary firewall. Review these agreements annually.

Example 2: On your border firewall, create specific rule sets for each interconnection partner. Use Palo Alto's Zone Protection Profiles to define what traffic can flow between the partner zone and your internal zones. Enable logging on all inter-zone traffic for audit purposes.