The DSS NISP Authorization Office (NAO) has postponed the eMASS transition until May 6, 2019. Cleared industry partners should continue to work with their ISSPs and Team Leads to complete the required eMASS training and request a NISP eMASS account to ensure readiness for the transition. Job aids are posted on the NISP eMASS Information and Resource Center.
With the postponement of the eMASS transition, the DSS Assessment and Authorization Process Manual (DAAPM) Version 2.0 will be delayed. The revised release date is April 8, 2019, with an effective date of May 6, 2019.
Industry partners should continue to submit all System Security Plans (SSP) and supporting artifacts via the ODAA Business Management System (OBMS).
Questions and inquiries regarding eMASS are handled through the NAO eMASS mailbox: email@example.com. Questions and inquiries regarding the DAAPM are handled through the NAO mailbox: firstname.lastname@example.org.
OBMS provides the Contractor Submitter Role the ability to archive Unique Identifiers (UID)s. The archive feature allows the contractor to remove older versions of UIDs and effectively manage OBMS records. In order to archive an UID, the contractor will need to conduct the following actions:
If the UID is in a DRAFT status, the contractor will not be able to archive the UID. The contractor will need to contact the DSS Knowledge Center and submit a request to have the DRAFT UIDs archived. The DSS Knowledge Center can be reached at (888) 282-7682 or via email at email@example.com.
If you have questions or concerns, please contact your assigned Information Systems Security Professional (ISSP). If you have specific questions about OBMS, please provide comments and questions to firstname.lastname@example.org.
Government programs sponsoring cleared contractor SIPRNet connections can now sponsor a contractor for tokens directly within the Secure-Defense Enrollment Eligibility Reporting System (S-DEERS). Sponsors are advised to obtain tokens for their cleared contractors as soon as possible.
Contractors with systems authorized to connect to a government sponsored SIPRNet connection are required to implement SIPRNet tokens in accordance with USCYBERCOM TASKORD J3-12-0863 by October 01, 2017 where technically feasible. Contractors will no longer be identified as 'Temporary Exception Users' after this date.
Systems without a domain environment must wait for the 90 meter software vendor to provide a local login solution; however tokens for web site authentication will be used when required by the site.
Additional information can be found at the DISA SIPRNet PKE webpage.
Note: Personnel who used DoD-approved 90meter Smart Card Manager products on DoD Networks must have a valid licensing agreement with 90meter. Due to licensing agreements, DoD cannot provide 90meter Smart Card Manager V1.4.32S on the IASE Website. Users may acquire DoD approved 90 meter products directly from email@example.com.
The DSS Assessment and Authorization Process Manual (DAAPM) originally scheduled for release August 1, 2016 has been postponed to later this month.
The phased implementation is still scheduled to begin on October 1, 2016.
In accordance with the Committee on National Security Systems Instruction (CNSSI) 7003, dated September 2015 (available on the DSS website), cleared contractors are required to have compliant PDS by September 30, 2018.
In an effort to transition from old guidance to new, cleared contractors should work with their assigned Information Systems Security Professional (ISSP) to assess their existing PDS configuration against the CNSSI 7003 requirements. A PDS Plan of Action and Milestones (POA&M) needs to be created to document when non-compliant PDSs issues will be remediated. The POA&M must be submitted to the NISP Authorization Office (NAO) (formerly ODAA) mailbox at firstname.lastname@example.org by September 30, 2016. Please include your assigned Information Systems Security Professional (ISSP) and Industrial Security Representative (ISR) on the email submission.
The CNSSI 7003 also requires the approval of PDS by the DSS Authorization Official (AO) (formerly the RDAA). Effective immediately, all PDS Installation Plans/PDS Request will be submitted to the NAO Mailbox noted above. Once the plan has been reviewed and validated by the ISSP, the AO will sign and forward an approval letter to the originator. As a note, the Facility PDS Installation Plan is approved separately from the Information System Authorizations (formerly C&A process). Once approved, the PDS Installation Plan/PDS Request and approval letter would then be uploaded into OBMS for each system Unique Identifier (UID) (that uses the PDS), as a supporting artifact to a System Security Plan (SSP).
Previously approved PDSs are authorized to continue in support of Information Systems (IS). However, any PDS that is not currently compliant could affect the expiration dates of ATOs (not to exceed September 30, 2018) for new or revised information systems. Please consult with your ISSP for questions concerning PDS.
Effective immediately, all PDS self-certification authorizations are hereby withdrawn.
Today DSS released the updated Office of the Designated Approving Authority (ODAA) Process Manual. Revision 3.2 reflects a significant re-write and consolidation of information into a format closely resembling information assurance instructions. Sections of the manual have been aligned and cross-referenced to enable translation to National Institute of Standards and Technology (NIST) guidance. Future revisions will bear an even stronger resemblance to NIST instructions in format and content for the purpose of reciprocity throughout the Department of Defense and the Federal government.
The Manual becomes effective on May 15, 2014, six months after issuance. This transition period allows time for familiarization and planning prior to implementation. During the transition period, Information Systems Security Mangers may choose to apply updated guidance to existing and/or new systems during the Certification and Accreditation process. Beginning on the published implementation date at the end of the six-month transition period, the manual and associated changes should be followed for all system accreditation activities.
ODAA thanks industry, field personnel, and everyone whose hard work and dedication have enabled the production of the Process Manual.
Please be advised there are significant changes to the Command Cyber Readiness Inspection (CCRI) scoring methodology starting October 1, 2013. Please work with your government sponsor to obtain the General Administration Message J3-13-0667 or send an email request as described below:
Request to: DISN@dss.smil.mil (SIPR)
Insert keywords in the subject: Request J3-13-0667
Provide the following information in the body of your email:
Company Name and address
Name of Requestor (FSO/ISSM/ISSO)
Requestor's SIPRNet email address
Reason for the request