 |
Page History
| Artifact Name | FAST ATO (LowContractor Hosted (Third Party) | Cloud Hosted | CBIIT Fully Managed | NCI Customer Managed and Co-LocationLow | Moderate | |||
| FIPS-199 Security Categorization | √√ | √ | √ | |||||
| e-Authentication Risk Assessment | √√ | √ | √ | |||||
Privacy Impact | AnalysisAssessment (PIA) | √ | ||||||
| Business Impact Analysis | √ | √ | ||||||
| System Security Plan (SSP) | √ | √ | √ | √ | ||||
| Configuration Management Plan (CMP) | √ | √ | √ | √ | Business Impact Analysis | |||
Contingency Plan (includes disaster recovery/incident response plans | √ (may embed with ISCP) | √ | √ | √ | ||||
Contingency Plan Exercise Report |
| √ Tabletop | √ Tabletop | √ Simulated | √ | √ | √ | √|
| Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed | |||||
| Security | (Control)Assessment Plan (SAP | /SCAP) | √ | √ | √ | √ | ||
| Security Assessment Report (SAR) | √√ | √ | √ | |||||
| Plan | (CMP)√ | √ | √ | √ | Planof Action and Milestones (POA&M) | √ | √ | √ |
| Self Attestation | √ | |||||||
| Signed ATO Letter | √ | √ | √ | √|||||
These requirements apply to all NCI federal systems regardless of hosting location: Externally (Contractor/Third Party) Hosted | ||||||||
