Notice: This application will enforce Multi-factor authentication (MFA) for NIH users beginning the evening of Wed Aug 3rd.
NIH | National Cancer Institute | NCI Wiki  

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Simulated
or
Functional

As needed
Artifact NameFAST ATO (Low)LowModerateHigh
FIPS-199 Security Categorization
e-Authentication Risk Assessment

Privacy Impact Assessment (PIA)



Business Impact Analysis


System Security Plan (SSP)
Configuration Management Plan (CMP)

Contingency Plan

(includes disaster recovery/incident response plans)

Contingency Plan Exercise Report

  • the Tabletop option is available to any systems with a "Low" rating for availability

Tabletop

Tabletop

Simulated
or
Functional

Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA)As neededAs neededAs needed
Security Assessment Plan (SAP)
Security Assessment Report (SAR)
Plan of Action and Milestones (POA&M)
Self Attestation

Signed ATO Letter

These requirements apply to all NCI federal systems regardless of hosting location:

Externally (Contractor/Third Party) Hosted
CBIIT Managed
Customer Managed
Co-Location
Cloud