Interconnection Security Agreement (ISA) and a Memorandum of Understanding/Agreement (MOU/A) are required when two systems interconnects.
The ISA specifies the technical and security requirements of the interconnection (interface characteristics, security requirements, and the nature of the information communicated), and the MOU/A defines the responsibilities of the participating organizations.
ISA and MOU are required when the connection is going out the agency’s boundary.
Only the MOU is required when the two systems interconnecting are both within the agency’s boundary
Data Use Agreement (DUA) establishes who is permitted to use and receive protected information, and the permitted uses and disclosures of such information by the recipient, and provides that the recipient will:
Not use or disclose the information other than as permitted by the DUA or as otherwise required by law,
Use appropriate safeguards to prevent uses or disclosures of the information that are inconsistent with the DUA, and
Report to the covered entity uses or disclosures that are in violation of the DUA, of which it becomes aware.