| Artifact Name | FAST ATO (Low) | Low | Moderate |
| FIPS-199 Security Categorization | √ | √ | √ |
| e-Authentication Risk Assessment | √ | √ | √ |
Privacy Impact Assessment (PIA) | √ | ||
| Business Impact Analysis | √ | √ | |
| System Security Plan (SSP) | √ | √ | √ |
| Configuration Management Plan (CMP) | √ | √ | √ |
Contingency Plan (includes disaster recovery/incident response plans) | √ | √ | √ |
Contingency Plan Exercise Report
| √ Tabletop | √ Tabletop | √ Simulated |
| Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed |
| Security Assessment Plan (SAP) | √ | √ | √ |
| Security Assessment Report (SAR) | √ | √ | √ |
| Plan of Action and Milestones (POA&M) | √ | √ | √ |
| Self Attestation | √ | ||
| Signed ATO Letter | √ | √ | √ |
These requirements apply to all NCI federal systems regardless of hosting location: Externally (Contractor/Third Party) Hosted | |||
 |
