20 December 2020

What Is a System Security Authorization Agreement

The Office of the Assistant Secretary of Defense commissioned the Defense-wide Information Systems Security Program (DISSP) to create standardized requirements and processes for the accreditation of computers, systems and networks in its memorandum “The Defense Information Systems Security Program” of August 19, 1992. A working group to improve the security process was established to develop this standard process. Its role was to develop a standard C&A process in accordance with the guidelines set out in DoD 5200.28; Public Law (P.L.) 100-235 (1988); Office of Management and Budget (OMB) Circular A-130, Appendix III; Director of Central Intelligence Directive (DCID) 1/16; and DoD Directive 5220.22.

A System Security Authorization Agreement (SSAA) is an information security document used by the U.S. Department of Defense (DoD) to describe and accredit networks and systems. The SSAA is part of the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). The DoD instruction (December 1997 edition) that describes DITSCAP and contains a structure for the SSAA document is DoDI 5200.40. The DITSCAP application manual (DoD 8510.1-M), published in July 2000, contains additional details.

The operational interests of the system's users are the responsibility of the user representative. In the C&A process, the user representative is concerned with system availability, access, integrity, functionality, performance and privacy in the mission environment.

Phase 4 continues until the information system is removed from service (out of service), major reviews are made, or a regular compliance audit is required. The other answers are distractions. In addition, NIACAP defines the development of a system security plan (SSP) instead of an SSAA. Otherwise, NIACAP is virtually identical to DITSCAP and sets the minimum standards required for the certification and accreditation of national security systems outside the DoD.

The PM also ensures that the system being certified is under configuration management during Phase 3. The DAA, the certifier and the user representative verify that the operating environment and system configuration are consistent with the security features reflected in the SSAA. Based on the information available in the SSAA, the DAA may grant accreditation, grant an interim approval to operate (IATO), or find that the system's risks are not acceptable and that it may not operate.