The links to security and privacy forms and templates listed below are grouped by functional area to help you locate the specific forms associated with the security- and/or privacy-related activities described elsewhere on the NCI IT Security Website.
Categorize System and Select Controls (FISMA Starter Kit)
- FIPS-199 System Categorization (FIPS-199)
- NIST SP 800-60 Volume 1 (Mapping Guidelines)
- NIST SP 800-60 Volume 2 (Information Types w/ provisional security impact level assignments)
- e-Authentication Risk Analysis
- Privacy Impact Assessment (PIA)
- NCI Business Impact Analysis (BIA)
Implement Controls
System Security Plans (SSPs)
- FISMA Moderate SSP (for non-cloud systems categorized as Moderate only)
- FISMA Low SSP (for non-cloud systems categorized as Low only)
System Standard Operating Procedure (SOP) templates
Configuration management
Contingency planning and disaster recovery templates
Incident response planning templates
Assess Controls
- Security Assessment Plan (SAP)
- Security Assessment Report (SAR)
- Plan of Action and Milestones (POA&M)
Authorize System
Monitor System
- Security Impact Analysis (SIA)