The links for security and privacy forms and templates listed below have been divided by functional areas to better assist you in locating specific forms associated with security and/or privacy related activities that are described elsewhere in the NCI IT Security Website.
Categorize System and Select Controls (FISMA Starter Kit)
Implement Controls
System Security Plans (SSPs)
- FISMA Low SSP (for non-cloud systems categorized as Low only)
- NIH Information Security Policy Handbook (Security Policies and Security Control Implementation Requirements)
(FOUO - Request from NCI ISSO Office)
System Standard Operating Procedure (SOP) templates
Configuration management
Contingency planning and disaster recovery templates
Incident response planning templates
Assess Controls
Authorize System
Monitor System