Contractor Hosted (Third Party) | Cloud Hosted | CBIIT Fully Managed | NCI Customer Managed and Co-Location | |
FIPS-199 Security Categorization | √ | √ | √ | √ |
e-Authentication Risk Assessment | √ | √ | √ | √ |
Privacy Impact Analysis | √ | √ | √ | √ |
System Security Plan | √ | √ | √ | √ |
IS Contingency Plan | √ | √ | √ | √ |
Business Impact Analysis | √ (may embed with ISCP) | √ (may embed with ISCP) | √ (may embed with ISCP) | √ (may embed with ISCP) |
IS Contingency Plan Exercise Report
| √ | √ | √ | √ |
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | As needed | As needed | As needed | As needed |
Security (Control) Assessment Plan (SAP/SCAP) | √ | √ | √ | √ |
Security Assessment Report (SAR) | √ | √ | √ | √ |
Configuration Management Plan (CMP) | √ | √ | √ | √ |
Plan of Action and Milestones (POA&M) | √ | √ | √ | √ |
Signed ATO Letter | √ | √ | √ | √ |