View Source

	Contractor Hosted (Third Party)	Cloud Hosted	CBIIT Fully Managed	NCI Customer Managed and Co-Location
FIPS-199 Security Categorization	√	√	√	√
e-Authentication Risk Assessment	√	√	√	√
Privacy Impact Analysis	√	√	√	√
System Security Plan	√	√	√	√
IS Contingency Plan	√	√	√	√
Business Impact Analysis	√ (may embed with ISCP)	√	√	√
IS Contingency Plan Exercise Report Tabletop (Low (L) availability only) Simulated (L/M/H) Functional (L/M/H)	√	√	√	√
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA)	As needed
Security (Control) Assessment Plan (SAP/SCAP)	√	√	√	√
Security Assessment Report (SAR)	√	√	√	√
Configuration Management Plan (CMP)	√	√	√	√
Plan of Action and Milestones (POA&M)	√	√	√	√
Signed ATO Letter	√	√	√	√