NIH | National Cancer Institute | NCI Wiki  


Please be advised that NCI Wiki will be will be undergoing maintenance on Monday, June 24th between 1000 ET and 1100 ET.
Wiki will remain available, but users may experience screen refreshes or HTTP 502 errors during the maintenance period. If you encounter these errors, wait 1-2 minutes, then refresh your page.

If you have any questions or concerns, please contact the CBIIT Atlassian Management Team.

Document Information

Author: Craig Stancl, Scott Bauer, Cory Endle
Team: LexEVS
Contract: S13-500 MOD4
National Institutes of Heath
US Department of Health and Human Services

Contents of this Page


The purpose of this document is to document the security plan for the National Cancer Institute Center for Biomedical Informatics and Information Technology (NCI CBIIT) LexEVS Release 6.3.

Information Systems Security Plan

A list of the industry standard security controls expected in this product

  • HTTPS Exit Disclaimer logo REST security (if needed)
    • Possible uses:
      • URI Resolver administration
      • CTS2 Development Framework administration
      • LexEVS REST secure ontology access/token transfer
  • RFC 2196 Exit Disclaimer logo
    • Specifiically, section 3.1.2 Separation of Services Exit Disclaimer logo
      • This architecture will allow services to be separated to those needing to be exposed externally and those that do not.
      • Services NOT to expose externally:
        • URI Resolver administration
        • CTS2 Development Framework administration

The components of the CBIIT technologies used for security controls


Any expected deviation from the standards


  • No labels