NIH | National Cancer Institute | NCI Wiki  

Error rendering macro 'rw-search'

null

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A security impact analysis is conducted in the continuous monitoring phase after a system receives an ATO when the system is planning to undergo a significant change which may impact the security posture of the system.  The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, Revision 1, Guide for Applying the Risk 2, Risk Management Framework to Federal for Information Systems and Organizations: A Security  A System Life Cycle Approach for Security and Privacy (Appendix F, Section F.6, Page F-8Pages 153-154) provides a general definition of what a significant change is and provides examples of what could be considered a significant change.

...