NIH | National Cancer Institute | NCI Wiki  

...

  • FIPS-199 System Security Impact Categorization (FIPS-199)
  • e-Authentication Threshold and the e-Authentication Risk Analysis (eTA and eRA; eAuth)
  • Privacy Impact Assessment (PIA)
  • Business Impact Analysis (BIA)

...

The information below will help you complete the starter kit.

Form Titles

Purpose

Responsibilities

FIPS-199

Establishes a system's security-impact rating based on confidentiality, integrity, and availability requirements.

You must work with the Information System Security Officer (ISSO) to complete this form to ensure the correct information categories and ratings are applied to your system. Send any questions to NCIIRM@mail.nih.gov.

e-Authentication (eAuth)

The eAuthentication Risk Assessment (eAuth) establishes the appropriate identity proofing and authentication requirements for remote users.

The system owner or project manager completes the eAuth. Completed forms must be signed by the system owner.

PIA

Helps determine whether any information covered by the Privacy Act is collected, processed, or stored in your system.

The NIH privacy review process and all PIAs are governed by the NIH Office of the Senior Official for Privacy (OSOP). Contact the NCI Privacy Coordinator to start the PIA, and the NCI ISSO for assistance with security-related questions in the PIA.

BIA

The BIA captures the mission essential functions supported by a system, identifies dependencies, and defines recovery time objective, recovery point objective, and maximum tolerable downtime.

The system owner or project manager completes the BIA.

...