Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Home

NCI Security and Compliance Information

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

	Contractor Hosted (Third Party)	Cloud Hosted	CBIIT Fully Managed	NCI Customer Managed and Co-Location
FIPS-199 Security Categorization	√	√	√	√
e-Authentication Risk Assessment	√	√	√	√
Privacy Impact Analysis	√	√	√	√
System Security Plan	√	√	√	√
IS Contingency Plan	√	√	√	√
Business Impact Analysis	√ (may

also be included with the system contingency plan)

embed with ISCP)

√

√

√

IS Contingency Plan Exercise Report Tabletop (Low (L) availability only) Simulated (L/M/H) Functional (L/M/H)	√	√	√	√
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA)	As needed
Security (Control) Assessment Plan (SAP/SCAP)	√	√	√	√
Security Assessment Report (SAR)	√	√	√	√
Configuration Management Plan (CMP)	√	√	√	√
Plan of Action and Milestones (POA&M)	√	√	√	√
Signed ATO Letter	√	√	√	√

Accessibility | Contact CBIIT | FOIA | HHS Vulnerability Disclosure | Comment Policy
U.S. Department of Health and Human Services | National Institutes of Health | National Cancer Institute | USA.gov
NIH ... Turning Discovery Into Health®

Powered by Atlassian Confluence, themed by RefinedTheme