An interconnection security agreement (ISA) documents the technical requirements of the interconnection between what entities?

Interconnection security agreements focus on the security requirements for connections that cross organizational boundaries. They formalize how two or more organizations that own and operate connected IT systems will protect data as the systems interconnect, covering who is responsible for what, where the boundary lies, and which controls are required for the link. This is why describing the interconnection between the organizations that own and operate connected IT systems is the best fit. Why the other options don’t fit as well: internal roles between end users and IT staff aren’t about cross‑organizational system connections, and a vendor–customer arrangement doesn’t inherently specify the technical and security requirements for interconnecting separate organizations’ IT systems. Likewise, interdepartmental needs are internal to one organization and don’t address inter-organizational interconnections.