Security Forms and Templates
The links for security and privacy forms and templates listed below have been divided by functional areas to better assist you in locating specific forms associated with security and/or privacy related activities that are described elsewhere in the NCI IT Security Website.
Risk planning and risk management
- FIPS-199
- e-Authentication Risk Analysis
- Privacy Impact Assessment (PIA) (Blank) (Requires Internet Explorer to open)
- Third Party Website and Applications (TPWA) PIAs – contact the NCI Privacy Coordinator to initiate a new TPWA PIA (Requires Internet Explorer to open)
- Risk Acceptance Memo
- Security Assessment Plan (SAP/SCAP)
- Security Assessment Report (SAR)
- External System Security Plan (SSP) - Contractor Hosted
- Security Impact Analysis (SIA)
Plan of action and milestones (POA&M)
- Plan of action and milestones (POA&M)
Configuration management
- Configuration Management Plan
- NIH Memorandum of Understanding (MOU)
- Interconnection Security Agreement (ISA)
- HHS Minimum Configuration Guides and Checklists
- HHS/NIH Department Standard Warning Banner
Contingency planning and disaster recovery templates
- NCI Business Impact Analysis
- NIH Contingency Plan
- NIH Contingency Test Plan and After-Action Report
- Sample Reconstitution Checklist
- Sample Recovery Checklist