C.3.5.9 - Information sharing
The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 specifies Information Sharing as relating to any method or function, for a given business area, facilitating: data being received in a usable medium by one or more departments or agencies as provided by a separate department or agency or other entity; and data being provided, disseminated or otherwise made available or accessible by one department or agency for use by one or more separate departments or agencies, or other entities, as appropriate.
Since Information Sharing, as a function, is receiving and disseminating data [other information types] from business areas already identified, this BRM information type will not require its own impact assessment. Therefore, agency personnel should identify the information sharing information type as a pure resource management support activity for the evaluated information system. With the information sharing information type identified, agency personnel can track the flow of information to interfacing systems. The recommended security categorization for the information sharing information type is as follows:
Security category
Confidentiality Null
Integrity Null
Availability Null