Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Home

NCI Security and Compliance Information

Page History

Versions Compared

Old Version 4

changes.mady.by.user Hayn, Craig (NIH/NCI) [E]

Saved on Jan 17, 2019

compared with

New Version Current

changes.mady.by.user Unknown User (scotterr)

Saved on Feb 05, 2020

Key

This line was added.
This line was removed.
Formatting was changed.

...

Can you provide an overview of the SA&A process?

NCI and NIH follow the National Institute of Standards and Technology (NIST ) Special Publication 800-37 (link is external)rev. 2, Guide for Applying the Risk Management Framework to Federal for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. You should adhere to the 800-37 RMF rev. 2 RMF and use templates published by the NIST under the 800 series of NIST special publications.

...

For the latest list of cloud providers that are FedRAMP certified, visit the marketplace within the FedRAMP webpage(link is external)Marketplace.

If my system is part of an existing major application (MA) or general support system (GSS), do I still need an SA&A?

...

Accessibility | Contact CBIIT | FOIA | HHS Vulnerability Disclosure | Comment Policy
U.S. Department of Health and Human Services | National Institutes of Health | National Cancer Institute | USA.gov
NIH ... Turning Discovery Into Health®

Powered by Atlassian Confluence, themed by RefinedTheme