System Security Authorization Agreement (SSAA)
The System Security Authorization Agreement (SSAA) is key to the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). This document defines all system specifications. It provides a description of the system mission, target environment, target architecture, security requirements, and applicable data access policies. The SSAA also describes the applicable set of planning and certification actions, resources, and documentation required to support the certification and accreditation. In essence, the SSAA is the vehicle that guides the implementation of Information Security (INFOSEC) requirements and the resulting certification and accreditation actions.
An SSAA consists of a cover page and the following 6 sections:
- Mission Description and System Identification
- Environment Description
- System Architectural Description
- System Security Requirements
- Organizations and Resources
- DITSCAP Plan
The SSAA also contains multiple appendices used as needed for supplementary information for any of the 6 sections listed above.
In order to prepare an SSAA, the DITSCAP must be fully understood. CygnaCom Solutions has vast experience in following the DITSCAP and developing SSAAs. We can assist with all or a portion of the SSAA development. In support of the DITSCAP and SSAA preparation, we can perform the following:
- Provide training and guidance
- Perform Security Test and Evaluations (ST&Es)
- Conduct Threat, Vulnerability, and Risk Assessments
- Implement Life Cycle Management Processes