1 / 8

ODAA Update July 2014

ODAA Update July 2014. ODAA Update Agenda. ODAA Business Management System (OBMS ) Deployment SIPRnet Program Oversight Command Cyber-Readiness Inspection (CCRI) Program ODAA Process Guide Questions and Discussion. OBMS Deployment. ODAA Business Management System (OBMS)

Download Presentation

ODAA Update July 2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ODAA Update July 2014

  2. ODAA Update Agenda • ODAA Business Management System (OBMS) Deployment • SIPRnet Program Oversight • Command Cyber-Readiness Inspection (CCRI) Program • ODAA Process Guide • Questions and Discussion

  3. OBMS Deployment • ODAA Business Management System (OBMS) • OBMS deployment is scheduled for July 15, 2014. • System users will need Public Key Infrastructure (PKI) or External Certificate Authority (ECA) credentials to access OBMS. • OBMS Training is available through STePPand is listed under course number CS120.16 fortheOBMSExternal “Submitter” role. • Users will first establish Single Sign On (SSO) accounts and then request access to OBMS using the individual SSO account. • Problems or questions should be directed to the assigned Information System Security Professional (ISSP)/Industrial Security Specialist (ISR) or may be sent to the ODAA mailbox (ODAA@DSS.MIL) with a courtesy copy to the ISSP/ISR.

  4. After OBMS Deployment • ODAA Business Management System (OBMS) • A six month transition period from OBMS deployment to ODAA ending the email submission process. • After transitioning a CAGE to OBMS, use only OBMS for security plan submissions (not both email and OBMS from same CAGE) • ISSMs should transition to an “Interconnected” Master System Security Plan (MSSP) for interconnected systems. • Some previously submitted under Multi-User or Local Area Network (LAN) MSSPs • OBMS will not allow submission of an interconnected system under a LAN or Multi-User System MSSP.

  5. SIPRNet Program • SIPRNetnodes should meet applicable DoD requirements from the time of initial accreditation, not just for CCRIs • SIPRNetcircuits may not be extended into other facilities or sites (i.e. from Gov’t sponsor to Contractor site) • Government sponsors of SIPRNet (and a few NIPRNet) nodes at contractor sites are responsible for providing and/or funding • Computer Network Defense Service Provider (CNDSP) • Host Based Security System (HBSS) • SIPRNet email, and/or DNS services, etc required for program support • Sponsors should also provide appropriate DoD IA tools

  6. CCRI UPDATE • NISP Sites are Doing well on CCRI Overall • Planning, coordination, and partnering have been key • The DoD SIPRNet compliance and oversight program is evolving • Enhanced requirements and scoring • Compliance throughout the lifecycle of a system • DSS is still transitioning the NISP CCRI program from DISA • Training and certification of staff ongoing • DSS has conducted several “DSS Only” CCRIs • Will still see joint CCRI teams with DISA and DSS • DSS expects 40 – 50 contractor sites to undergo CCRI in FY15 with some conducted by DSS, others by DISA • Begin planning for Phase IV scoring and transition to ACAS vice Retina scanner.

  7. ODAA Manual and Templates • Revision 3.2 of the manual has been effective since May 2014. • Most significant change was removable media controls • Format and structure of the manual also changed • The National Industrial Security Program Operating Manual (NISPOM) conforming change 2 is in coordination. • As currently drafted will significantly change NISPOM Chapter 8 • Language redirects many requirements to “CSA provided guidance” which is the ODAA manual • Updated security plan templates were issued • Received feedback for updates to implement

  8. Questions And Discussion

More Related