| Contractor Hosted (Third Party) | Cloud Hosted | CBIIT Fully Managed | NCI Customer Managed and Co-Location | |
| FIPS-199 Security Categorization | √ | √ | √ | √ |
| e-Authentication Risk Assessment | √ | √ | √ | √ |
| Privacy Impact Analysis | √ | √ | √ | √ |
| System Security Plan | √ | √ | √ | √ |
| IS Contingency Plan | √ | √ | √ | √ |
| Business Impact Analysis | √ (may embed with ISCP) | √ | √ | √ |
IS Contingency Plan Exercise Report
| √ | √ | √ | √ |
| Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | |||
| Security (Control) Assessment Plan (SAP/SCAP) | √ | √ | √ | √ |
| Security Assessment Report (SAR) | √ | √ | √ | √ |
| Configuration Management Plan (CMP) | √ | √ | √ | √ |
| Plan of Action and Milestones (POA&M) | √ | √ | √ | √ |
| Signed ATO Letter | √ | √ | √ | √ |
 |
