CIRB- FIPS Assessment

Attachment G04 - CTEP_ESYS FIPS 199 System Categorization _FY2023 V 1.0 Final.pdf

CTEP Branch Support Contracts Forms and Surveys (NCI)

CIRB- FIPS Assessment

OMB: 0925-0753

Document [pdf]
Download: pdf | pdf
FIPS 199/NIST 800-60 System Categorization
SYSTEM INFORMATION
System Name

NCI Cancer Therapy Evaluation Program Enterprise System (CTEP-ESYS) IC

National Cancer Institute

System Type

☐ General Support System

Date

6/7/2023

SDLC
Status

Operational

Overall System Security Category
Overall Impact Levels (High Water Mark)

☒ Major Application

☐ Tier 2, 3, or 4

Moderate
Confidentiality

Integrity

Availability

Moderate

Moderate

Moderate

For Official Use Only (FOUO)

Page 1

FIPS 199 Categorization


System Description

System Contacts

Template Rev. February, 2020
Version 1.03

June 13, 2023

The CTEP-ESYS is a Major Application (MA) that is the primary data collection mechanism for NCl's vast
clinical trials program. The purpose of the system is to ensure patient safety and to meet the NCI CTEP's
scientific, regulatory, administrative, and operational program mission. Specifically, it is used to document,
track, monitor, and evaluate NCI clinical research activities. The CTEP-ESYS collects safety and clinical
results data on ongoing clinical cancer trials (trials not yet completed). Data reporting and analysis in realtime are critical to ensuring adequate monitoring of ongoing clinical research. Timely data reporting and
analysis also ensure effective planning for the required successor studies, thus accelerating the evaluation of
promising new agents and regimens for patients with cancer.
Address

Phone and Email

Signature

Jeff Shilling
NCI Chief Information Officer

9609 Medical Center Drive Rockville,
Maryland 20850

240.276.5549
[email protected]

Karen Friend
NCI Information System Security Officer

9609 Medical Center Drive Rockville,
Maryland 20850

240.276.5055
[email protected]

Karen R.
Friend -S

Digitally signed by Karen
R. Friend -S
Date: 2023.07.13
17:19:34 -04'00'

Shanda Finnigan
System Owner

9609 Medical Center Drive Rockville,
Maryland 20850

240-276-6058
[email protected]

Shanda R.
Finnigan -S

Digitally signed by Shanda
R. Finnigan -S
Date: 2023.06.15 09:41:06
-04'00'

Suzanne Milliard
NCI Privacy Coordinator

MSC 2580, 31 Center Drive Bethesda, 240.781.3340
MD 20892
[email protected]

Suzanne A.
Milliard -S

Digitally signed by
Suzanne A. Milliard -S
Date: 2023.07.14
10:14:39 -04'00'

For Official Use Only (FOUO)

2023.09.12
12:41:23 -04'00'

Page 2

FIPS 199 Categorization


Template Rev. February, 2020
Version 1.03

June 13, 2023

INFORMATION TYPE(S), PROVISIONAL IMPACT LEVEL(S), ADJUSTED IMPACT LEVEL(S), RATIONALE
Provisional Impact Levels

Adjusted Impact Levels

Category of Information (800-60)

D.20. l Research and Development

Rationale

Availability

Confidentiality

Integrity

Availability

Low

Moderate

Low

Moderate

Moderate

Moderate

Low

Moderate

Low

Moderate

Moderate

Low

Confidentiality was raised because of the types of information available in the enterprise system, including protocols and protocol attributes,
drug inventory and site distribution records, adverse event reports, site audit reports, Investigational New Drug (IND) submission records,
Investigator registration details, and patient accrual details. Note that no patient-identifying information is stored in the system.

C.3.5.6 Record Retention Information Type

Rationale

Integrity

Confidentiality was raised because of the presence of proprietary R&D information that should not be accessible to the public, and because
its unauthorized release or access could cause serious adverse impacts to the NCl, individuals, or agency assets.
Availability was raised to moderate due to the adverse event reporting requirements within the stipulated timeframe and also to ensure that
there are no serious delays or disruptions to the information system availability that could have a serious adverse impact on research
activities.

D.19.1 Scientific and Technical Research and
Innovation
Rationale

Confidentiality

Low

Moderate

Low

Moderate

Moderate

Low

Confidentiality was raised to ensure adequate protection of the PHI data that is collected, stored, and processed in the system. Most of which
is used for compliance reporting, program monitoring, and planning purposes. Some of these data elements are for internal use only and are
reported to the FDA as required by law.

For Official Use Only (FOUO)

Page 3


File Typeapplication/pdf
File TitleFIPS 199/NIST 800-60 System Categorization
AuthorFranseen, Tiffany
File Modified2023-09-12
File Created2023-06-13

© 2024 OMB.report | Privacy Policy