Information Assurance - Accreditation Documentation

From Traditional Security

Part of Information Assurance - Accreditation Documentation

Associated with IA controls: DCSD-1

SV-41139r2_rule Information Assurance - Accreditation Documentation

Vulnerability discussion

Failure to provide the proper documentation can lead to a system connecting without all propersafeguards in place, creating a threat to the networks.

Check content

Check the accreditation package with only a cursory review to ensure the ATO/IATO are current. TACTICAL ENVIRONMENT: The check is applicable. The ATO and associated documentation should be found in a fixed HQ location where the IAM/IAO are located. When possible, documentation should be requested/sought before departing on trips to tactical locations. Copies sent to the reviewers email (NIPR or SIPR depending on classification of document) can be used to validate compliance.

Fix text

1. A current accreditation document approved by the DAA must be on hand for all systems and applications connected to the DISN. 2. Copies of the original accreditation documentation along with any subsequent modifications must be on-hand for review. 3. The Approval to Operate (ATO) or Interim Approval to Operate (IATO) must be up-to-date and must be signed by the current Approving Authority.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer