The DSS NISP Authorization Office (NAO) is announcing the upcoming release of the DSS Assessments and Authorization Process Manual (DAAPM) 1.3 in its continuing effort to provide users with the most up-to-date requirements of the Risk Management Framework (RMF) process. This version update revolves around two specific areas of interest and goes into effect on June 4, 2018. Version 1.3 supersedes all previous versions of the DAAPM.
First area of interest is the inclusion of a recommended 90 day submission period for RMF packages. This change is located at the beginning of Section 6, which has been renamed to "Assessment and Authorization Implementation Guidance." The rationale for the change is to ensure that both Industry and DSS allow time to sufficiently work the packages before and after submission.
The DSS NISP Authorization Office (NAO), in collaboration with the Defense Information Systems Agency and the Space and Naval Warfare Systems Command, has made the Security Content Automation Protocol (SCAP) Compliance Checker available to industry via OBMS. Installation files for the SCAP Compliance Checker are posted in the "ODAA Bulletin Board" section of OBMS for all supported operating systems. For additional information, please view the updated SCAP Job Aid posted on the DSS Risk Management Framework website. Applying for sponsorship through MAX.gov is no longer necessary as all PKI-protected SCAP content is available within OBMS.
If you have questions or concerns, please contact your assigned Information Systems Security Professional (ISSP). If you encounter issues accessing the SCAP content on OBMS, contact DSS NAO at email@example.com.
Effective October 3, 2016, all NISP partners and cleared industry will transition to Risk Management Framework. All expiring accreditations and requests of new accreditations for stand-alone systems must be submitted to DSS using RMF guidelines.
The DSS RMF is promulgated in the DSS Assessments and Authorization Process Manual (DAAPM). The DAAPM provides guidance, templates, security controls, System Security Plan (SSP) Templates and other artifacts necessary for the RMF transition and necessary to meeting mandated implementation timelines.
This RMF Information and Resource center provides implementation guidance and procedures for the management of all facilities, networks and systems under DSS cognizance. Contact your regional Authorizing Official (AO) with questions.