Page History

...

All NCI security teams are organizationally located within Center for Biomedical Informatics and Information Technology (CBIIT) supporting the NCI ISSO.

Enterprise Security Team (EST)

Cyber Governance, Risk, and Compliance Team (CGRC)

The CGRC Team is The EST is responsible for the cyber governance and compliance of all NCI information systems.  In performing these functions, the EST works with Information Owners, System Owners, and their support teams to establish their system's categorization (Step 1 of the RMF), complete their Starter Kit (Step 2 of the RMF), and also finalizes the ATO package for the system and works with the Federal A&A Lead and AO to issue the system's authorization to operate (ATO) (Step 5 of the RMF).

...

IT Security Advisor (ITSA)

The PAT The ITSA works with works with Information Owners, System Owners, and their support teams to provide guidance during the implementation of security controls (Step 3 of the RMF) and completing the required documentation for the system to receive an ATO.

Security

...

Control Assessor (

...

SCA)

The SAT SCA performs the independent security control assessment (SCA) for internal NCI systems (Step 4 of the RMF).