HomeMission AreasCritical Technology ProtectionIndustrial Security Field Operations (IO)NISP Authorization Office (NAO)NAO News

Industrial Security

NAO News

NISP eMASS Industry Operation Guide Version 1.0 released
By | Aug. 14, 2019

The NISP Authorization Office (NAO) released the NISP Enterprise Mission Assurance Support Service (eMASS) Industry Operation Guide Version 1.0. The operation guide is designed to assist Industry users navigate eMASS. The operation guide is posted on the NISP eMASS Information and Resource Center (https://www.dss.mil/ma/ctp/io/nao/rmf/) under "Resources". If you have questions or concerns, please contact the NAO eMASS Mailbox at dcsa.quantico.dcsa.mbx.emass@mail.mil.

NISP Classified Configuration available within eMASS
By Nao News | Aug. 9, 2019

The NISP Authorization Office has made the NISP Classified Configuration tool (NISP CC) available to download via the NISP eMASS instance.  The NISP CC is intended to assist industry in initial and maintenance configuration of NISP authorized information systems.  Detailed instructions regarding accessing, downloading, and applying the NISP CC can be found in the NISP CC in eMASS Job Aid, located here

Support for Windows 7 ends soon
By | June 24, 2019

Microsoft has announced that after January 14, 2020, they will no longer provide security updates or support for computers running Windows 7.

The NISP Authorization Office is encouraging industry partners to beginning working with government sponsors to adapt a strategy for migrating from Windows 7 to Windows 10 as soon as practical.

Microsoft has posted some questions and answers at: https://www.microsoft.com/en-us/windowsforbusiness/end-of-windows-7-support.

The NISP Instance of the Enterprise Mission Assurance Support
By Nao News | May 6, 2019

The NISP instance of the Enterprise Mission Assurance Support Service (eMASS) is now the official system of record for Assessment and Authorization (A&A) actions.   In addition to completing all the NISP eMASS Account prerequisites (SAAR, Cyber Awareness Challenge Training, and eMASS Computer Based Training), Industry users must complete the New User Registration in the NISP eMASS instance:  https://emass-nisp.csd.disa.mil/. Once the New User Registration is complete, Industry user accounts can be activated.  The NISP eMASS Account and Access Procedures Job Aid is posted on the NISP eMASS Information and Resource Center: https://www.dss.mil/ma/ctp/io/nao/rmf/. Note:  DISA has identified an issue with New User Registration when accessing NISP eMASS via an ECA.  DISA is implementing a patch that will resolve this issue by May 10th. If you have any questions or concerns, please contact the NAO eMASS Mailbox at: dss.quantico.dss.mbx.emass@mail.mil

Executive Order directing transfer of investigative mission signed by President
By | April 25, 2019

Consistent with the Executive Order signed on April 24, 2019, the Department of Defense (DoD) will begin a phased transition of the investigations conducted by the National Background Investigations Bureau (NBIB) to DoD. This action will include the transfer of personnel and resources from NBIB to DSS, as authorized by the president of the United States. The transfer of NBIB's operations, personnel, and resources to DoD will commence not later than June 24, 2019 with the transfer completed by Oct. 1, 2019. DSS will be renamed the Defense Counterintelligence and Security Agency (DCSA) and serve as the primary Federal entity for conducting background investigations for the Federal Government. DCSA will also serve as the primary Department of Defense component for the National Industrial Security Program and shall execute responsibilities relating to continuous vetting, insider threat programs, and any other responsibilities assigned to it by the Secretary of Defense. NBIB and DSS have and will continue to work in an integrated manner to minimize disruptions to existing missions while beginning the transfer process.

NISP Enterprise Wide Area Network Job Aid now available
By | April 16, 2019

The NISP Authorization Office (NAO) has created a job aid for cleared industry partners interested in pursuing an authorized NISP Enterprise Wide Area Network (eWAN) for their organization. The job aid outlines the requirements for participation in the eWAN program, and provides guidance toward successful creation of an eWAN proposal, System Security Plan (SSP), and test and authorization planning. The job aid can be found on the NAO Risk Management Framework Site (https://www.dss.mil/ma/ctp/io/nao/rmf/) under "Resources.

DSS Assessment and Authorization Process Manual (DAAPM) Version 2.0
By | April 8, 2019

The NISP Authorization Office (NAO) released theDSS Assessment and Authorization Process Manual (DAAPM) Version 2.0. The updated version is posted on the NAO Risk Management Framework site(https://www.dss.mil/ma/ctp/io/nao/rmf/) under "Policy and Guidance". DAAPM Version 2.0 becomes effective on May 6, 2019, and supersedes all previous versions of the DAAPM and ODAA Process Manuals. If you have questions or concerns, contact your assigned Information Systems Security Professional (ISSP). If you have specific questions about the format, content, or want to provide general comments, send those to dss.quantico.dss hq.mbx.odaa@mail.mil

NAO delays release of the Enterprise Mission Assurance Support Service (eMASS)
By | Feb. 14, 2019

The DSS NISP Authorization Office (NAO) has postponed the eMASS transition until May 6, 2019. Cleared industry partners should continue to work with their ISSPs and Team Leads to complete the required eMASS training and request a NISP eMASS account to ensure readiness for the transition. Job aids are posted on the NISP eMASS Information and Resource Center.

With the postponement of the eMASS transition, the DSS Assessment and Authorization Process Manual (DAAPM) Version 2.0 will be delayed. The revised release date is April 8, 2019, with an effective date of May 6, 2019.

Industry partners should continue to submit all System Security Plans (SSP) and supporting artifacts via the ODAA Business Management System (OBMS).

Questions and inquiries regarding eMASS are handled through the NAO eMASS mailbox: dss.quantico.dss.mbx.emass@mail.mil. Questions and inquiries regarding the DAAPM are handled through the NAO mailbox: dss.quantico.dss-hq.mbx.odaa@mail.mil.

NISP Enterprise Mission Assurance Support Service (e-MASS) Job Aid for training guidance and system access
By RMF | June 19, 2018
The NISP Authorization Office has created a job aid for cleared industry to obtain access and sponsorship to the NISP eMASS. These instructions will allow NISP partners to access and complete the required DISA computer-based training beginning on July 2, 2018. You can find the job aid here.
DSS Authorized Warning Banner
By Nao News | Feb. 16, 2018
Industry indicated that the DSS Authorized Warning Banner does not display as shown in the DSS Assessment and Authorization Process Manual (DAAPM). The issue is due to the use of the semi-colons. In order to resolve this matter, Industry is authorized to use a comma in place of the semi-colon. If you have questions or concerns, please contact your assigned Information Systems Security Professional (ISSP). If you have specific questions about the format or content of the DSS Authorized Warning Banner, please provide comments and questions to dss.quantico.dss-hq.mbx.odaa@mail.mil.
DSS provides guidance on the removal of Kaspersky Labs software/hardware from DSS authorized information systems in cleared industry
By Nao News | Oct. 2, 2017
Effective immediately, all NISP contractor facilities possessing classified information systems (IS) under DSS cognizance and authorization are directed to remove all Kaspersky Labs software or hardware from the authorized IS. Click here to read the guidance.
By Nao News | May 11, 2017

OBMS provides the Contractor Submitter Role the ability to archive Unique Identifiers (UID)s. The archive feature allows the contractor to remove older versions of UIDs and effectively manage OBMS records. In order to archive an UID, the contractor will need to conduct the following actions:

  1. Log into OBMS, Contractor Submitter Module, and Certification and Accreditation Module
  2. Select Edit an Accreditation
  3. Click the Radio Button next to the selected UID
  4. Click Archive Accreditation Package
  5. A pop-up will appear asking "Are you sure you want to archive the selected accreditation?" Click Submit. The UID will be permanently archived and removed from the queue.

If the UID is in a DRAFT status, the contractor will not be able to archive the UID. The contractor will need to contact the DSS Knowledge Center and submit a request to have the DRAFT UIDs archived. The DSS Knowledge Center can be reached at (888) 282-7682 or via email at dss.quantico.dss-hq.mbx.knowledge-center@mail.mil.

If you have questions or concerns, please contact your assigned Information Systems Security Professional (ISSP). If you have specific questions about OBMS, please provide comments and questions to dss.quantico.dss-hq.mbx.odaa@mail.mil.

Updated SIPRNet Public Key Enabling (PKE) Guidance
By Nao News | April 1, 2017

Government programs sponsoring cleared contractor SIPRNet connections can now sponsor a contractor for tokens directly within the Secure-Defense Enrollment Eligibility Reporting System (S-DEERS). Sponsors are advised to obtain tokens for their cleared contractors as soon as possible.

Contractors with systems authorized to connect to a government sponsored SIPRNet connection are required to implement SIPRNet tokens in accordance with USCYBERCOM TASKORD J3-12-0863 by October 01, 2017 where technically feasible. Contractors will no longer be identified as 'Temporary Exception Users' after this date.

Systems without a domain environment must wait for the 90 meter software vendor to provide a local login solution; however tokens for web site authentication will be used when required by the site.

Additional information can be found at the DISA SIPRNet PKE webpage.

Note: Personnel who used DoD-approved 90meter Smart Card Manager products on DoD Networks must have a valid licensing agreement with 90meter. Due to licensing agreements, DoD cannot provide 90meter Smart Card Manager V1.4.32S on the IASE Website. Users may acquire DoD approved 90 meter products directly from sales1@90meter.com.

NAO discontinues emailing authorization decision status updates
By RMF | March 2, 2017
Effective immediately, the NISP Authorization Office (NAO) will discontinue sending emails to contractors for authorization decision updates. Industry is reminded to check OBMS for status updates and copies of the authorization decision supporting artifacts.
Memorandum of Understanding template available in OBMS
By Nao News | Feb. 23, 2017
The DSS NISP Authorization Office provides a template for Memorandums of Understanding to facilitate connections between government and contractor systems. This template has the appropriate signature block and references, and is the most up-to-date approved version. The template can be found in the ODAA Bulletin Board within OBMS, under "Headquarters Bulletin Board." Industry is not required to use the DSS template; however, doing so may expedite the coordination and approval process.
DSS National Industrial Security Program (NISP) Risk Management Framework (RMF) Implementation Update
By Nao News | Aug. 1, 2016

The DSS Assessment and Authorization Process Manual (DAAPM) originally scheduled for release August 1, 2016 has been postponed to later this month.

The phased implementation is still scheduled to begin on October 1, 2016.

Industry Protected Distribution System (PDS) transition guidance
By Nao News | July 16, 2016

In accordance with the Committee on National Security Systems Instruction (CNSSI) 7003, dated September 2015 (available on the DSS website), cleared contractors are required to have compliant PDS by September 30, 2018.

In an effort to transition from old guidance to new, cleared contractors should work with their assigned Information Systems Security Professional (ISSP) to assess their existing PDS configuration against the CNSSI 7003 requirements. A PDS Plan of Action and Milestones (POA&M) needs to be created to document when non-compliant PDSs issues will be remediated. The POA&M must be submitted to the NISP Authorization Office (NAO) (formerly ODAA) mailbox at dss.quantico.dss-hq.mbx.odaa@mail.mil by September 30, 2016. Please include your assigned Information Systems Security Professional (ISSP) and Industrial Security Representative (ISR) on the email submission.

The CNSSI 7003 also requires the approval of PDS by the DSS Authorization Official (AO) (formerly the RDAA). Effective immediately, all PDS Installation Plans/PDS Request will be submitted to the NAO Mailbox noted above. Once the plan has been reviewed and validated by the ISSP, the AO will sign and forward an approval letter to the originator. As a note, the Facility PDS Installation Plan is approved separately from the Information System Authorizations (formerly C&A process). Once approved, the PDS Installation Plan/PDS Request and approval letter would then be uploaded into OBMS for each system Unique Identifier (UID) (that uses the PDS), as a supporting artifact to a System Security Plan (SSP).

Previously approved PDSs are authorized to continue in support of Information Systems (IS). However, any PDS that is not currently compliant could affect the expiration dates of ATOs (not to exceed September 30, 2018) for new or revised information systems. Please consult with your ISSP for questions concerning PDS.

Effective immediately, all PDS self-certification authorizations are hereby withdrawn.

ODAA Process Manual Release
By Nao News | Nov. 15, 2013

Today DSS released the updated Office of the Designated Approving Authority (ODAA) Process Manual. Revision 3.2 reflects a significant re-write and consolidation of information into a format closely resembling information assurance instructions. Sections of the manual have been aligned and cross-referenced to enable translation to National Institute of Standards and Technology (NIST) guidance. Future revisions will bear an even stronger resemblance to NIST instructions in format and content for the purpose of reciprocity throughout the Department of Defense and the Federal government.

The Manual becomes effective on May 15, 2014, six months after issuance. This transition period allows time for familiarization and planning prior to implementation. During the transition period, Information Systems Security Mangers may choose to apply updated guidance to existing and/or new systems during the Certification and Accreditation process. Beginning on the published implementation date at the end of the six-month transition period, the manual and associated changes should be followed for all system accreditation activities.

ODAA thanks industry, field personnel, and everyone whose hard work and dedication have enabled the production of the Process Manual.

Notice to ISSMs
By Nao News | Sept. 24, 2013

Please be advised there are significant changes to the Command Cyber Readiness Inspection (CCRI) scoring methodology starting October 1, 2013. Please work with your government sponsor to obtain the General Administration Message J3-13-0667 or send an email request as described below:

Request to: DISN@dss.smil.mil (SIPR)

Insert keywords in the subject: Request J3-13-0667

Provide the following information in the body of your email:

Company Name and address Cage Code CCSD Name of Requestor (FSO/ISSM/ISSO) Requestor's SIPRNet email address Reason for the request