Contractor Hosted (Third Party) | Cloud Hosted | CBIIT Fully Managed | NCI Customer Managed and Co-Location | |
FIPS-199 Security Categorization | ||||
e-Authentication Risk Assessment | ||||
Privacy Impact Analysis | ||||
System Security Plan | ||||
IS Contingency Plan | ||||
Business Impact Analysis (may also be included with the system contingency plan) | ||||
IS Contingency Plan Exercise Report | ||||
Memorandum of Understanding (MoU) and/or Interconnection Security Agreement (ISA) | ||||
Security (Control) Assessment Plan (SAP/SCAP) | ||||
Security Assessment Report (SAR) | ||||
Configuration Management Plan (CMP) | ||||
Plan of Action and Milestones (POA&M) | ||||
Signed ATO Letter | ||||