NIH | National Cancer Institute | NCI Wiki  


...

As part of the implementation, you may need to update your application’s design requirements to account for new or modified security requirements. You may also need to implement or develop specific tools to satisfy required controls. If the cost of developing or implementing a new security control is impractical, or is not cost-effective when compared to the potential risk of not implementing the control, you can apply for a security waiver to the NIH chief information security officer (CISO). Before submitting a waiver request, discuss it with your Contracting Officer Representative (COR) and with the NCI ISSO to determine whether there are compensating control options and whether the waiver is likely to be approved.

...

Your designated authorizing official (AO) will review the assessment package to determine whether residual risks are acceptable to the organization before issuing a written authorization to operate (ATO) that is valid for a maximum of three years. Your AO will likely be either your Contracting Officer Representative (COR) or your federal program manager (PM). If you have questions, email the NCI ISSO for assistance in identifying your system’s AO.

...