Federal Information Security Management Act (FISMA) Sample Clauses

Federal Information Security Management Act (FISMA). All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees only when grantees collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition Regulations
Federal Information Security Management Act (FISMA). The Contractor or Grantee must protect all information systems, electronic or hard copy, which contain federal data from unauthorized access. Congress and the Office of Management and Budget (OMB) have instituted laws, policies, and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. Resources are available at xxxx://xxxx.xxxx.xxx/groups/SMA/fisma/index.html.
Federal Information Security Management Act (FISMA). FISMA is a piece of United States legislation, enacted as part of the Electronic Government Act of 2002. The intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. FISMA is the law; NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations, is the standard that contains the individual security controls required to comply with FISMA.
  • IT Business Service: Provided to one or more business units by OIT. It is based on the use of Information Technology and is made up of a combination of IT Technical Services (applications, infrastructure, and resources) that collectively support a function of the business.
  • Maximum Tolerable Downtime (MTD): The total amount of time that a business process can be disrupted without causing any unacceptable consequences.
  • Planned Downtime: Planned maintenance time for normal service on a respective system; includes planned maintenance time for scheduled maintenance on upstream systems on which the service is dependent.
  • Recovery Point Objective (RPO): The maximum tolerable period in which data might be lost from an IT service due to a major incident, that is, the acceptable data loss between backups. Example: with an RPO of 2 hours, if there is a complete replication at 10:00am and the system dies at 11:59am without a new replication, the data written between 10:00am and 11:59am will not be recovered from the replica. This amount of lost data has been deemed acceptable because of the 2-hour RPO. This is the case even if it takes an additional 3 hours to get the site back into production. Production will continue from the 10:00am point in time. All data in between will have to be manually recovered through other means.
  • Recovery Time Objective (RTO): The duration of time and a service level within which a business process must be restored to at least the RPO after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.
  • Unplanned Downtime: Includes all unplanned outages, upstream outages, a significant number of errors reported over a set duration of time, excess time from scheduled release / maintenance windows that extend beyond allotted time, and system-wide or near system-wide events; can be national or regional in scope.
SLA Review and Concurrences The following organizations concur with ...
Federal Information Security Management Act (FISMA). If applicable, all information systems, electronic or hard copy which contain federal data need to be protected from unauthorized access. This also applies to information associated with ASPR grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347. Health and Safety Regulations and Guidelines: Grantees are responsible for meeting applicable Federal, State, and local health and safety standards and for establishing and implementing necessary measures to minimize their employees' risk of injury or illness in activities related to ASPR grants. In addition to applicable Federal, State, and local laws and regulations, the following regulations must be followed when developing and implementing health and safety operating procedures and practices for both personnel and facilities:
  • 29 CFR 1910.1030, Bloodborne pathogens; 29 CFR 1910.1450, Occupational exposure to hazardous chemicals in laboratories; and other applicable occupational health and safety standards issued by the Occupational Health and Safety Administration (OSHA) and included in 29 CFR 1910. These regulations are available at xxxx://xxx.xxxx.xxx/pls/oshaweb/owastand.display_standard_group?p_toc_level=1&p_part_number=1910.
  • Nuclear Regulatory Commission Standards and Regulations, pursuant to the Energy Reorganization Act of 1974 (42 U.S.C. 5801 et seq.). Copies may be obtained from the U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
The following guidelines are recommended for use in developing and implementing health and safety operating procedures and practices for both personnel and facilities:
  • Biosafety in Microbiological and Biomedical Laboratories, CDC and NIH, HHS. This publication is available at xxxx://xxx.xxx.xxx/OD/ohs/biosfty/bmbl5/BMBL_5th_Edition.pdf.
  • Prudent Practices for Safety in Laboratories (1995), National Research Council, National Academy Press, 000 Xxxxx Xxxxxx, XX, Xxxxxxx 000, Xxxxxxxxxx, XX 00000 (ISBN 0-309-05229-7). This publication can be obtained by telephoning 000-000-0000. It also is available at xxxx://xxx.xxx.xxx/catalog/4911.html.
Grantee organizations are not required to submit documented assurance of their compliance with or implement...
Federal Information Security Management Act (FISMA). The E-Government Act (Public Law 107-347) passed by the 107th Congress and signed into law by the President in December 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Source: xxxx://xxxx.xxxx.xxx/groups/SMA/fisma/overview.html
  • Generic Code Number (GCN): Number used to identify generic formulation of a drug.
  • Generic Drug: Identical or bioequivalent to a brand name drug in dosage form, safety, strength, route of administration, quality, performance, characteristics, and intended use. Generic drugs usually cost less than brand-name drugs and are required by the Food and Drug Administration (FDA) to be as safe and as effective as the brand-name drug.
  • Generic Name: Official title of a drug or drug ingredients published in the latest edition of a pharmacopeia or formulary.

Related to Federal Information Security Management Act (FISMA)

  • Medical Information Throughout the Pupil's time as a member of the School, the School Medical Officer shall have the right to disclose confidential information about the Pupil if it is considered to be in the Pupil's own interests or necessary for the protection of other members of the School community. Such information will be given and received on a confidential, need-to-know basis.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
