Page History
Artifact Name | FAST ATO (Low) | Low | Moderate | High|||
FIPS-199 Security Categorization | √ | √ | √ | √ | ||
e-Authentication Risk Assessment | √ | √ | √ | √ | ||
Privacy Impact Assessment (PIA) | √√ | |||||
Business Impact Analysis | √√ | √ | ||||
System Security Plan (SSP) | √√ | √ | √ | |||
Configuration Management Plan (CMP) | √ | √ | √ | √ | ||
Contingency Plan (includes disaster recovery/incident response plans) | √ | √ | √ | √ | ||
Contingency Plan Exercise Report
| √ Tabletop | √ Tabletop | √Simulated√ Simulated | |||
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed | As needed | ||
Security Assessment Plan (SAP) | √ | √ | √ | √ | ||
Security Assessment Report (SAR) | √√ | √ | √ | |||
Plan of Action and Milestones (POA&M) | √ | √ | √ | |||
Self Attestation | √ | |||||
Signed ATO | or EndorsementLetter | √ | √ | √ | Self Attestation√ | |
These requirements apply to all NCI federal systems regardless of hosting location: Externally (Contractor/Third Party) Hosted |