Who is responsible for granting and tracking waivers for local administrative accounts?
NIH has submitted a waiver to HHS to handle FDCC administrative account waivers as described here: http://irm.cit.nih.gov/security/FDCC_Waivers.doc The approval and tracking of the FDCC Administrative account waivers is performed at the IC ISSO level and should not be sent to HHS SecureOne. They should be tracked by the ISSO so that if there is a data call from HHS or the IG, the ISSO can show that the waivers were approved and authorized by the IC in a manner than can be justified. The use of the “aaUSER” account and the tracking of the FDCC Admin. training are intended to help document and facilitate any possible requests for justification.
NIH has submitted a waiver to HHS to handle FDCC administrative account waivers as described here: http://ocio.nih.gov/security/FDCC_Waiver_Form.pdf The approval and tracking of the FDCC Administrative account waivers is performed at the IC ISSO level and should not be sent to HHS SecureOne. They should be tracked by the ISSO so that if there is a data call from HHS or the IG, the ISSO can show that the waivers were approved and authorized by the IC in a manner than can be justified. The use of the “aaUSER” account and the tracking of the FDCC Admin. training are intended to help document and facilitate any possible requests for justification.
