NIH | National Cancer Institute | NCI Wiki  

The role descriptions below, which can be used to identify appropriate staff to fulfill key roles, are based on definitions found in NIST Special Publication 800-37 rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.

Information Owner (also known as the Business Owner)

...

The EST is responsible for the cyber governance and compliance of all NCI information systems. In performing these functions, the EST works with Information Owners, System Owners, and their support teams to establish their system's categorization (Step 1 of the RMF) and complete their Starter Kit (Step 2 of the RMF). The EST also finalizes the ATO package for the system and works with the Federal A&A Lead and AO to issue the system's authorization to operate (ATO) (Step 5 of the RMF).

...