All new information systems require that the following forms be completed to establish an information system's security-impact rating, authentication requirements, privacy implications, and mission criticality:
We refer to these forms collectively as the "security starter kit" because they need to be completed before any other security compliance work begins. The information needed for these forms also helps define a system’s security and privacy requirements. The starter kit is a precursor to the formal FISMA authorization that is required prior to a system going live.
The information below will help you complete the starter kit.
| Form Titles | Purpose | Responsibilities |
|---|---|---|
| | Establishes a system's security-impact rating based on confidentiality, integrity, and availability requirements. | You must work with the Information System Security Officer (ISSO) to complete this form to ensure the correct information categories and ratings are applied to your system. Send any questions to NCIIRM@mail.nih.gov. |
| | The E-Authentication Risk Assessment (E-Auth) establishes the appropriate identity proofing and authentication requirements for remote users. | The system owner or project manager completes the E-Auth. The completed E-Auth form must be signed by the system owner. |
| (right click and save to open) | Helps determine whether any information covered by the Privacy Act is collected, processed, or stored in your system. | The NIH privacy review process and all PIAs are governed by the NIH Office of the Senior Official for Privacy (OSOP). Contact the NCI Privacy Coordinator to start the PIA, and the NCI ISSO for assistance with security-related questions in the PIA. |
| BIA | The BIA captures the mission essential functions supported by a system, identifies dependencies, and defines recovery time objective, recovery point objective, and maximum tolerable downtime. | The system owner or project manager completes the BIA. The completed BIA must be signed by the system owner and ISSO. |
Send any questions to NCIIRM@mail.nih.gov