NISP eMASS DAAPM DCSA Requirements for Access Control - Download NIST 800-53 AC Policy Templates
Version 2.2 (31 August 2020) of the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM) mentions the phrase “access control" nineteen times, and for good reason. Per the DAAPM, “U.S. Government policy is that all classified information must be appropriately safeguarded to assure the confidentiality and integrity of that information,” which can only happen when appropriate access control measures are put in place. Regardless of the type of environment - MUSA, SUSA, LAN, WAN, etc., cleared industry needs well-written, comprehensive access control policies and procedures, and other supporting documentation, to be in place.
NISP eMASS DAAPM DCSA Requirements for Incident Response Plan - (Appendix Q) | Download Toolkit Today
Version 2.2 (31 August 2020) of the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM) mentions the phrase "incident response” twenty-six times, and for good reason. It is a strict requirement for cleared industry to have in place a number of critical measures relating to incident response. And while the DAAPM does provide a template via Appendix Q regarding incident response, what cleared industry needs is a thorough, comprehensive, easy-to-use incident response plan, and that’s exactly what we offer at the Arlington Security Portal (ASP).
With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO.
NISP eMASS DAAPM DCSA | List of Vulnerabilities that DCSA is finding During Site Visits
Per a recent presentation by DCSA personnel, the following vulnerabilities are being found regarding physical site for the Assessment & Authorization (A&A) process:
NISP eMASS DAAPM DCSA | List of Deficiencies that DCSA is Seeing in SSPs
Per a recent presentation by DCSA personnel, the following deficiencies are being found in System Security Plans (SSP) within the eMASS Assessment & Authorization (A&A) process:
NISP eMASS DAAPM DCSA | Guidance on Hibernation Procedures
On March 20 2020, DCSA issued a news bulletin discussing the challenges with COVID and measures that cleared contractors should be aware of regarding periods of system inactivity (i.e., hibernation). In short, if a facility plans to stop work for an extended period of time, an audit variance may be authorized, which will require a Standard Operating Procedure (SOP) to be in place that specifies how the system will be protected during a dormant state.
NISP eMASS DAAPM DCSA | Tips and Advice on the Assessment & Authorization (A&A) Process
Here are some helpful tips and advice when it comes to the Assessment & Authorization (A&A) Process within eMASS for cleared contractors.
NISP eMASS DAAPM DCSA | Time and Effort Needed for A&A Process in eMASS
We are often asked how much time and effort it will take to submit a package within eMASS for the entire NIST RMF A&A process. That ultimately depends on the following factors that a cleared contractor should consider when beginning the NIST RMF A&A process:
NISP eMASS DAAPM DCSA | Guidance on eMASS Spreadsheets
It’s well-known that the two spreadsheets within eMASS for the Assessment & Authorization (AA) process require a tremendous amount of data to be inputted, with some of the information being similar on both. With that said, can they be combined to speed up the process?
NISP eMASS DAAPM DCSA | Guidance on the SLCM Fields Within the “ControlInfoExport” Spreadsheet
DCSA personnel will want to gain a strong understanding of an organization’s continuous monitoring initiatives, which means cleared contractors need to have in place a documented and formalized continuous monitoring program (ConMon). Per a recent presentation by DCSA personnel: