NIH | National Cancer Institute | NCI Wiki  

All new information systems require that the following forms be completed to establish an information system's security-impact rating, authentication requirements, privacy implications, and mission criticality:

  • FIPS-199 System Security Impact Categorization
  • e-Authentication Threshold and the e-Authentication Risk Analysis (eTA and eRA)
  • Privacy Impact Assessment (PIA)
  • Business Impact Analysis (BIA)

We refer to these forms collectively as the "system security starter kit" because they need to be completed before any other security compliance work begins. The information needed for these forms also helps define a system's security and privacy requirements. The starter kit is a precursor to the formal FISMA authorization that is required prior to a system going live.

...