 |
Page History
| Contractor Hosted (Third Party)* | Cloud Hosted* | CBIIT Fully Managed | NCI Customer Managed and Co-Location | |
| FIPS-199 Security Categorization | √ | √ | √ | √ |
| e-Authentication Risk Assessment | √ | √ | √ | √ |
| Privacy Impact Analysis | √ | √ | √ | √ |
| System Security Plan | √ | √ | √ | √ |
| IS Contingency Plan | √ | √ | √ | √ |
| Business Impact Analysis | √ (may embed with ISCP) | √ (may embed with ISCP) | √ (may embed with ISCP) | √ (may embed with ISCP) |
IS Contingency Plan Exercise Report
| √ | √ | √ | √ |
| Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed | As needed |
| Security (Control) Assessment Plan (SAP/SCAP) | √ | √ | √ | √ |
| Security Assessment Report (SAR) | √ | √ | √ | √ |
| Configuration Management Plan (CMP) | √ | √ | √ | √ |
| Plan of Action and Milestones (POA&M) | √ | √ | √ | √ |
| Signed ATO Letter | √ | √ | √ | √ |
| * All security packages including the ATO letter for externally hosted systems (i.e., 3rd party and Cloud) should be electronically copied to the NCI ISSO as evidence that the SA&A was completed in accordance with NIST 800-37 Risk Management Framework. | ||||
...
