(04/13/16) DSS Transition Timeline to Risk Management Framework (RMF)

DSS Transition Timeline to Risk Management Framework (RMF) for Cleared Contractors
DSS is scheduled to release the DSS Assessment and Authorization Process Manual in support of RMF in July 2016. Please click here to view.

(11/15/13) ODAA Process Manual Release

Today DSS released the updated Office of the Designated Approving Authority (ODAA) Process Manual. Revision 3.2 reflects a significant re-write and consolidation of information into a format closely resembling information assurance instructions. Sections of the manual have been aligned and cross-referenced to enable translation to National Institute of Standards and Technology (NIST) guidance. Future revisions will bear an even stronger resemblance to NIST instructions in format and content for the purpose of reciprocity throughout the Department of Defense and the Federal government.

The Manual becomes effective on May 15, 2014, six months after issuance. This transition period allows time for familiarization and planning prior to implementation. During the transition period, Information Systems Security Mangers may choose to apply updated guidance to existing and/or new systems during the Certification and Accreditation process. Beginning on the published implementation date at the end of the six-month transition period, the manual and associated changes should be followed for all system accreditation activities.

ODAA thanks industry, field personnel, and everyone whose hard work and dedication have enabled the production of the Process Manual.

(09/24/13) Notice to ISSMs

Please be advised there are significant changes to the Command Cyber Readiness Inspection (CCRI) scoring methodology starting October 1, 2013. Please work with your government sponsor to obtain the General Administration Message J3-13-0667 or send an email request as described below:

Request to: DISN@dss.smil.mil (SIPR)

Insert keywords in the subject: Request J3-13-0667

Provide the following information in the body of your email:

Company Name and address
Cage Code
Name of Requestor (FSO/ISSM/ISSO)
Requestor's SIPRNet email address
Reason for the request