The NISP instance of the Enterprise Mission Assurance Support Service (eMASS) is now the official system of record for Assessment and Authorization (A&A) actions. In addition to completing all the NISP eMASS Account prerequisites (SAAR, Cyber Awareness Challenge Training, and eMASS Computer Based Training), Industry users must complete the New User Registration in the NISP eMASS instance: https://emass-nisp.csd.disa.mil/. Once the New User Registration is complete, Industry user accounts can be activated. The NISP eMASS Account and Access Procedures Job Aid is posted on the NISP eMASS Information and Resource Center: https://www.dss.mil/ma/ctp/io/nao/rmf/. Note: DISA has identified an issue with New User Registration when accessing NISP eMASS via an ECA. DISA is implementing a patch that will resolve this issue by May 10th. If you have any questions or concerns, please contact the NAO eMASS Mailbox at: email@example.com
Consistent with the Executive Order signed on April 24, 2019, the Department of Defense (DoD) will begin a phased transition of the investigations conducted by the National Background Investigations Bureau (NBIB) to DoD. This action will include the transfer of personnel and resources from NBIB to DSS, as authorized by the president of the United States. The transfer of NBIB's operations, personnel, and resources to DoD will commence not later than June 24, 2019 with the transfer completed by Oct. 1, 2019. DSS will be renamed the Defense Counterintelligence and Security Agency (DCSA) and serve as the primary Federal entity for conducting background investigations for the Federal Government. DCSA will also serve as the primary Department of Defense component for the National Industrial Security Program and shall execute responsibilities relating to continuous vetting, insider threat programs, and any other responsibilities assigned to it by the Secretary of Defense. NBIB and DSS have and will continue to work in an integrated manner to minimize disruptions to existing missions while beginning the transfer process.
The NISP Authorization Office (NAO) has created a job aid for cleared industry partners interested in pursuing an authorized NISP Enterprise Wide Area Network (eWAN) for their organization. The job aid outlines the requirements for participation in the eWAN program, and provides guidance toward successful creation of an eWAN proposal, System Security Plan (SSP), and test and authorization planning. The job aid can be found on the NAO Risk Management Framework Site (https://www.dss.mil/ma/ctp/io/nao/rmf/) under "Resources.
The NISP Authorization Office (NAO) released theDSS Assessment and Authorization Process Manual (DAAPM) Version 2.0. The updated version is posted on the NAO Risk Management Framework site(https://www.dss.mil/ma/ctp/io/nao/rmf/) under "Policy and Guidance". DAAPM Version 2.0 becomes effective on May 6, 2019, and supersedes all previous versions of the DAAPM and ODAA Process Manuals. If you have questions or concerns, contact your assigned Information Systems Security Professional (ISSP). If you have specific questions about the format, content, or want to provide general comments, send those to dss.quantico.dss firstname.lastname@example.org
The DSS NISP Authorization Office (NAO) has postponed the eMASS transition until May 6, 2019. Cleared industry partners should continue to work with their ISSPs and Team Leads to complete the required eMASS training and request a NISP eMASS account to ensure readiness for the transition. Job aids are posted on the NISP eMASS Information and Resource Center.
With the postponement of the eMASS transition, the DSS Assessment and Authorization Process Manual (DAAPM) Version 2.0 will be delayed. The revised release date is April 8, 2019, with an effective date of May 6, 2019.
Industry partners should continue to submit all System Security Plans (SSP) and supporting artifacts via the ODAA Business Management System (OBMS).
Questions and inquiries regarding eMASS are handled through the NAO eMASS mailbox: email@example.com. Questions and inquiries regarding the DAAPM are handled through the NAO mailbox: firstname.lastname@example.org.
The DSS NISP Authorization Office (NAO) is announcing the upcoming release of the DSS Assessments and Authorization Process Manual (DAAPM) 1.3 in its continuing effort to provide users with the most up-to-date requirements of the Risk Management Framework (RMF) process. This version update revolves around two specific areas of interest and goes into effect on June 4, 2018. Version 1.3 supersedes all previous versions of the DAAPM.
First area of interest is the inclusion of a recommended 90 day submission period for RMF packages. This change is located at the beginning of Section 6, which has been renamed to "Assessment and Authorization Implementation Guidance." The rationale for the change is to ensure that both Industry and DSS allow time to sufficiently work the packages before and after submission.
The DSS NISP Authorization Office (NAO), in collaboration with the Defense Information Systems Agency and the Space and Naval Warfare Systems Command, has made the Security Content Automation Protocol (SCAP) Compliance Checker available to industry via OBMS. Installation files for the SCAP Compliance Checker are posted in the "ODAA Bulletin Board" section of OBMS for all supported operating systems. For additional information, please view the updated SCAP Job Aid posted on the DSS Risk Management Framework website. Applying for sponsorship through MAX.gov is no longer necessary as all PKI-protected SCAP content is available within OBMS.
If you have questions or concerns, please contact your assigned Information Systems Security Professional (ISSP). If you encounter issues accessing the SCAP content on OBMS, contact DSS NAO at email@example.com.
Effective October 3, 2016, all NISP partners and cleared industry will transition to Risk Management Framework. All expiring accreditations and requests of new accreditations for stand-alone systems must be submitted to DSS using RMF guidelines.
The DSS RMF is promulgated in the DSS Assessments and Authorization Process Manual (DAAPM). The DAAPM provides guidance, templates, security controls, System Security Plan (SSP) Templates and other artifacts necessary for the RMF transition and necessary to meeting mandated implementation timelines.
This RMF Information and Resource center provides implementation guidance and procedures for the management of all facilities, networks and systems under DSS cognizance. Contact your regional Authorizing Official (AO) with questions.