Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Home

NCI Security and Compliance Information

Page History

Versions Compared

Old Version 14

changes.mady.by.user Unknown User (scotterr)

Saved on Jan 29, 2021

compared with

New Version 15

changes.mady.by.user Unknown User (scotterr)

Saved on Jun 11, 2021

Key

This line was added.
This line was removed.
Formatting was changed.

Self Attestation

	FAST ATO (Low)	Low	Moderate	High
FIPS-199 Security Categorization	√	√	√	√
e-Authentication Risk Assessment	√	√	√	√
Privacy Impact Assessment (PIA)			√	√
Business Impact Analysis		√	√	√
System Security Plan (SSP)	√	√	√	√
Configuration Management Plan (CMP)	√	√	√	√
Contingency Plan (includes disaster recovery/incident response plans)	√	√	√	√
Contingency Plan Exercise Report the Tabletop option is available to any systems with a "Low" rating for availability	√ Tabletop	√ Tabletop	√ Simulated or Functional	√ Simulated or Functional
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA)	As needed	As needed	As needed	As needed
Security Assessment Plan (SAP)	√	√	√	√
Security Assessment Report (SAR)	√	√	√	√
Plan of Action and Milestones (POA&M)	√	√	√	√
Self Attestation	√
Signed ATO or Endorsement Letter	√	√	√		√
These requirements apply to all NCI federal systems regardless of hosting location: Externally (Contractor/Third Party) Hosted CBIIT Managed Customer Managed Co-Location Cloud

...

Accessibility | Contact CBIIT | FOIA | HHS Vulnerability Disclosure | Comment Policy
U.S. Department of Health and Human Services | National Institutes of Health | National Cancer Institute | USA.gov
NIH ... Turning Discovery Into Health®

Powered by Atlassian Confluence, themed by RefinedTheme