UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCSD-1 IA Documentation


Overview

All appointments to required IA roles (e.g., DAA and IAM/IAO) are established in writing, to include assigned duties and appointment criteria such as training, security clearance, and IT-designation. A System Security Plan is established that describes the technical, administrative, and procedural IA program and policies that govern the DoD information system, and identifies all IA personnel and specific IA requirements and objectives (e.g., requirements for data handling or dissemination, system redundancy and backup, or emergency response).

MAC / CONF Impact Subject Area
MACI
MACII
MACIII
High Security Design and Configuration

Details

Threat
When local IA policies that govern DoD information systems are nonexistent, it is impossible for these systems to be accredited.  Appropriate IA documentation is necessary to effectively communicate local IA instruction throughout the local enterprise.

Guidance
1. All appointments to required IA roles (e.g., DAA and IAM/IAO) shall be qualified and at a minimum meet the eligibility requirements.
2. Appointees shall acknowledge duties and criteria by reading and signing a designation document.
3. A System Security Plan shall be developed that describes the technical, administrative, and procedural IA program and policies that govern the DoD information system, and identifies all IA personnel and specific IA requirements and objectives (e.g., requirements for data handling or dissemination, system redundancy and backup, or emergency response).

References

  • DoDI 8500.2, Information Assurance Implementation, para. E3.3.5 - 6, 06 February 2003