| Contractor Hosted (Third Party) | Cloud Hosted | CBIIT Fully Managed | NCI Customer Managed and Co-Location | |
| FIPS-199 Security Categorization | ||||
| e-Authentication Risk Assessment | ||||
| Privacy Impact Analysis | ||||
| System Security Plan | ||||
| IS Contingency Plan | ||||
| Business Impact Analysis (may also be included with the system contingency plan) | ||||
| IS Contingency Plan Exercise Report | ||||
| Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | ||||
| Security (Control) Assessment Plan (SAP/SCAP) | ||||
| Security Assessment Report (SAR) | ||||
| Configuration Management Plan (CMP) | ||||
| Plan of Action and Milestones (POA&M) | ||||
| Signed ATO Letter | ||||
 |
