...
Informational Requirements:
- Maintain and enforce a list of authorized administrators, and keep records up-to-date so that Security can quickly determine responsible parties for the system. At least one responsible party must be a full-time employee working at the NCSA.
- Provide Security with accounts on the system or a way to quickly get access 24/7 for emergencies.
- Notify Security of any sensitive, confidential or regulated data expected to be on the system.
- An accepted vulnerability and patch management plan must be in place.
...