NIH | National Cancer Institute | NCI Wiki  

Artifact Name
FAST ATO (Low)
Contractor Hosted (Third Party)
Cloud Hosted
CBIIT Fully Managed
NCI Customer Managed and Co-Location
Low
Moderate
FIPS-199 Security Categorization
e-Authentication Risk Assessment

Privacy Impact Assessment (PIA)



Business Impact Analysis


System Security Plan (SSP)
Configuration Management Plan (CMP)

Contingency Plan

Business Impact Analysis (may also be included with the system contingency plan)

(includes disaster recovery/incident response plans)

Contingency Plan Exercise Report

  • The Tabletop option is available to any system with a "Low" rating for availability

Tabletop

Tabletop

Simulated or Functional

Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA)

As needed

As needed

As needed
Security (Control) Assessment Plan (SAP/SCAP)
Security Assessment Report (SAR)
Configuration Management Plan (CMP)
Plan of Action and Milestones (POA&M)
Self Attestation

Signed ATO Letter

These requirements apply to all NCI federal systems regardless of hosting location:

Externally (Contractor/Third Party) Hosted
CBIIT Managed
Customer Managed
Co-Location
Cloud