Download:
pdf |
pdfFIPS 199/NIST 800-60 System Categorization
SYSTEM INFORMATION
System Name
NCI Cancer Therapy Evaluation Program Enterprise System (CTEP-ESYS) IC
National Cancer Institute
System Type
☐ General Support System
Date
6/7/2023
SDLC
Status
Operational
Overall System Security Category
Overall Impact Levels (High Water Mark)
☒ Major Application
☐ Tier 2, 3, or 4
Moderate
Confidentiality
Integrity
Availability
Moderate
Moderate
Moderate
For Official Use Only (FOUO)
Page 1
�FIPS 199 Categorization
System Description
System Contacts
Template Rev. February, 2020
Version 1.03
June 13, 2023
The CTEP-ESYS is a Major Application (MA) that is the primary data collection mechanism for NCl's vast
clinical trials program. The purpose of the system is to ensure patient safety and to meet the NCI CTEP's
scientific, regulatory, administrative, and operational program mission. Specifically, it is used to document,
track, monitor, and evaluate NCI clinical research activities. The CTEP-ESYS collects safety and clinical
results data on ongoing clinical cancer trials (trials not yet completed). Data reporting and analysis in realtime are critical to ensuring adequate monitoring of ongoing clinical research. Timely data reporting and
analysis also ensure effective planning for the required successor studies, thus accelerating the evaluation of
promising new agents and regimens for patients with cancer.
Address
Phone and Email
Signature
Jeff Shilling
NCI Chief Information Officer
9609 Medical Center Drive Rockville,
Maryland 20850
240.276.5549
jeffrey.shilling@nih.gov
Karen Friend
NCI Information System Security Officer
9609 Medical Center Drive Rockville,
Maryland 20850
240.276.5055
karen.friend@nih.gov
Karen R.
Friend -S
Digitally signed by Karen
R. Friend -S
Date: 2023.07.13
17:19:34 -04'00'
Shanda Finnigan
System Owner
9609 Medical Center Drive Rockville,
Maryland 20850
240-276-6058
shanda.finnigan@nih.gov
Shanda R.
Finnigan -S
Digitally signed by Shanda
R. Finnigan -S
Date: 2023.06.15 09:41:06
-04'00'
Suzanne Milliard
NCI Privacy Coordinator
MSC 2580, 31 Center Drive Bethesda, 240.781.3340
MD 20892
suzanne.milliard@nih.gov
Suzanne A.
Milliard -S
Digitally signed by
Suzanne A. Milliard -S
Date: 2023.07.14
10:14:39 -04'00'
For Official Use Only (FOUO)
2023.09.12
12:41:23 -04'00'
Page 2
�FIPS 199 Categorization
Template Rev. February, 2020
Version 1.03
June 13, 2023
INFORMATION TYPE(S), PROVISIONAL IMPACT LEVEL(S), ADJUSTED IMPACT LEVEL(S), RATIONALE
Provisional Impact Levels
Adjusted Impact Levels
Category of Information (800-60)
D.20. l Research and Development
Rationale
Availability
Confidentiality
Integrity
Availability
Low
Moderate
Low
Moderate
Moderate
Moderate
Low
Moderate
Low
Moderate
Moderate
Low
Confidentiality was raised because of the types of information available in the enterprise system, including protocols and protocol attributes,
drug inventory and site distribution records, adverse event reports, site audit reports, Investigational New Drug (IND) submission records,
Investigator registration details, and patient accrual details. Note that no patient-identifying information is stored in the system.
C.3.5.6 Record Retention Information Type
Rationale
Integrity
Confidentiality was raised because of the presence of proprietary R&D information that should not be accessible to the public, and because
its unauthorized release or access could cause serious adverse impacts to the NCl, individuals, or agency assets.
Availability was raised to moderate due to the adverse event reporting requirements within the stipulated timeframe and also to ensure that
there are no serious delays or disruptions to the information system availability that could have a serious adverse impact on research
activities.
D.19.1 Scientific and Technical Research and
Innovation
Rationale
Confidentiality
Low
Moderate
Low
Moderate
Moderate
Low
Confidentiality was raised to ensure adequate protection of the PHI data that is collected, stored, and processed in the system. Most of which
is used for compliance reporting, program monitoring, and planning purposes. Some of these data elements are for internal use only and are
reported to the FDA as required by law.
For Official Use Only (FOUO)
Page 3
�
| File Type | application/pdf |
| File Title | FIPS 199/NIST 800-60 System Categorization |
| Author | Franseen, Tiffany |
| File Modified | 2023-09-12 |
| File Created | 2023-06-13 |