Page History
Artifact Name | FAST ATO ATOaaS (Low) | Low | Moderate | High | |||||
FIPS-199 Security Categorization | √ | √ | √ | √ | |||||
e-Authentication Risk Assessment | √√ | √ | √ | ||||||
Privacy Impact Assessment (PIA) | √ | ||||||||
Business Impact Analysis | √ | √ | |||||||
System Security Plan (SSP) | √ | √ | √ | ||||||
Configuration Management Plan (CMP) | √ | √ | √ | ||||||
Contingency Plan (includes disaster recovery/incident response plans) | √ | √ | √√ | Business Impact Analysis√ | √ | √ | √ | ||
Contingency Plan Exercise Report
| √ Tabletop | √ Tabletop | √SimulatedFunctional | √ Simulated | |||||
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed | As needed | |||||
Security | (Control)Assessment Plan (SAP | /SCAP) | √ | √ | √ | √ | |||
Security Assessment Report (SAR | )√ | √ | √ | √ | Configuration Management Plan (CMP) | √√ | √ | √ | |
Plan of Action and Milestones (POA&M) | √ | √ | √ | ||||||
Self Attestation | √ | ||||||||
Signed ATO | or EndorsementLetter | √ | √ | √ | √ | ||||
These requirements apply to all NCI federal systems regardless of hosting location: Externally (Contractor/Third Party) Hosted |