Page History
Artifact Name | FAST ATO |
(Low) | Low | Moderate |
FIPS-199 Security Categorization |
√ | √ | √ | |
e-Authentication Risk Assessment |
√ | √ | √ | |
Privacy Impact Assessment (PIA) | √ |
Business Impact Analysis |
√ | √ | ||
System Security Plan (SSP) |
√ | √ | √ | |
Configuration Management Plan (CMP) |
√ | √ | √ | |
Contingency Plan (includes disaster recovery/incident response plans) |
√ | √ | √ | |
Contingency Plan Exercise Report
| √ Tabletop | √ Tabletop |
or
√ Simulated | |||
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed |
Security Assessment Plan (SAP) |
√ | √ | √ | |
Security Assessment Report (SAR) |
√ | √ | √ | |
Plan of Action and Milestones (POA&M) | √ | √ | √ |
Self Attestation | √ | ||
Signed ATO |
Letter |
√ | √ |
√ | |||
These requirements apply to all NCI federal systems regardless of hosting location: Externally (Contractor/Third Party) Hosted |