The intended audience includes information resource owners and custodians. This control applies to dedicated internal connections between information systems (i.e., intra-system connections) and does not apply to transitory, user-controlled connections such as email and website browsing.

The information resource owner or designee shall:

• 1.1

  Authorize intra-system connections of university information resources.

• 1.2

  Document, for each intra-system connection, the interface characteristics, security requirements, and the nature of the information communicated.