NAVY-WIDE DESIGNATED ACCREDITING AUTHORITY (DAA) CONSOLIDATION UNCLASSIFIED/ FM CNO WASHINGTON DC TO NAVADMIN NAVADMIN 081/12 MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/MAR// SUBJ/NAVY-WIDE DESIGNATED ACCREDITING AUTHO...:
UNCLASSIFIED// ATTENTION INVITED TO ROUTINE R 092005Z MAR 12 PSN 682387K34 FM CNO WASHINGTON DC TO NAVADMIN ZEN//OU=DOD/OU=NAVY/OU=ADDRESS LISTS(UC)/CN=AL NAVADMIN(UC) INFO ZEN/CNO WASHINGTON DC BT UNCLAS ***THIS IS A 2 SECTION MESSAGE COLLATED BY OIX GATEWAY NORFOLK VA*** QQQQ SUBJ: NAVY-WIDE DESIGNATED ACCREDITING AUTHORITY (DAA) CONSOLIDATION UNCLASSIFIED/ FM CNO WASHINGTON DC TO NAVADMIN NAVADMIN 081/12 MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/MAR// SUBJ/NAVY-WIDE DESIGNATED ACCREDITING AUTHORITY (DAA) CONSOLIDATION// REF/A/DOC/OPNAVNOTE 5230.1297/04AUG11// REF/B/DOC/DODI 8510.01/28NOV07// REF/C/DOC/DADMS NETWORK REGISTRATION GUIDE, REV 3 (V3)/13JAN10// REF/D/EMAIL/DDCIO (N) NOTIFICATION OF DAA CONSOLIDATION// REF/E/DOC/CNSSI 4009/26APR10// REF/F/DOC/NIST SP 800-37 REV.1/FEB10// REF/G/DOC/OPNAVINST 5239.1C/20AUG08// NARR/REF A IS OPNAVNOTE 5230.1297, APPOINTMENT OF OPERATIONAL DESIGNATED APPROVAL AUTHORITY (ODAA). REF B IS DEPARTMENT OF DEFENSE INSTRUCTION (DODI) 8510.01, DEPARTMENT OF DEFENSE (DOD) INFORMATION ASSURANCE CERTIFICATION AND ACCREDITATION PROCESS (DIACAP). REF C IS DEPARTMENT OF NAVY (DON) APPLICATION AND DATABASE MANAGEMENT SYSTEM (DADMS) NETWORK REGISTRATION GUIDE, REGISTRATION AND DISPOSITION PROCESS FOR THE UNITED STATES NAVY (USN) NETWORKS/SERVERS, NETWORK DEVICES, AND SERVER APPLICATIONS, REVISION 3 (VERSION 3). REF D IS EMAIL FROM DDCIO (N) (SES HAITH) TO ECHELON II COMMANDERS NOTIFYING OF THE IMPENDING DAA CONSOLIDATION. REF E IS COMMITTEE ON NATIONAL SECURITY SYSTEMS INSTRUCTION (CNSSI) 4009, NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY. REF F IS NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) SPECIAL PUBLICATION (SP) 800-37, REVISION 1, GUIDE FOR APPLYING THE RISK MANAGEMENT FRAMEWORK TO FEDERAL INFORMATION SYSTEMS: A SECURITY LIFE CYCLE APPROACH. REF G IS OPNAVINST 5239.1C, NAVY INFORMATION ASSURANCE (IA) PROGRAM.// POC/JULIE ROSATI/CDR/OPNAV N2N6BC4/TEL: CML 571-256- 8523/EMAIL: juliana.rosati@navy.mil// POC/KATE MATHERS/CIV/FLTCYBERCOM/ODAA/TEL: CML 757-417-7903 EXT 4/EMAIL: katherine.mathers@navy.mil// POC/DARCEE BRANHAM/CIV/FLTCYBERCOM/ODAA/TEL: CML 757-417-6776 EXT 9/EMAIL: DARCEE.BRANHAM (AT)NAVY.MIL// POC/ODAA OFFICE/FLTCYBERCOM/TEL: CML 757-417-6719 EXT 0/EMAIL: FCC(UNDERSCORE)odaa@navy.mil// RMKS/1. THIS NAVADMIN ANNOUNCES A NAVY-WIDE DAA CONSOLIDATION AND PROVIDES A TIMELINE FOR TRANSITION OF ASSOCIATED AUTHORITIES. PURSUANT TO REF A AND TO ENABLE U.S. FLEET CYBER COMMAND (FCC) TO FULLY EXECUTE ITS ROLE AS THE CENTRAL OPERATIONAL AUTHORITY FOR ALL NAVY COLLATERAL AND GENERAL SERVICES CLASSIFIED AND UNCLASSIFIED, OPERATIONAL INFORMATION SYSTEMS, NETWORKS, AND TELECOMMUNICATIONS SYSTEMS, DEPUTY DON CHIEF INFORMATION OFFICER (CIO) NAVY (DDCIO (N)) AND FCC AGREED TO CONSOLIDATE NAVY- WIDE DAA AUTHORITIES INTO A CENTRALIZED STRUCTURE UNDER THE AUTHORITY OF THE COMMANDER, FCC. 2. DURING THE PAST YEAR, SEVERAL AUDITS ACROSS THE NAVY INFORMATION TECHNOLOGY (IT) ENTERPRISE IDENTIFIED SIGNIFICANT ISSUES/LAPSES IN CONFORMITY WITH REF B, RESULTING IN NON-COMPLIANCE WITH CERTIFICATION AND ACCREDITATION (C&A) POLICY, AND UNACCEPTABLE RISKS TO NAVY NETWORKS AND THE GLOBAL INFORMATION GRID. NAVY DAA CONSOLIDATION WILL ENHANCE NAVY'S EFFECTIVENESS IN ENSURING STANDARDIZED SECURITY PRACTICES AND CONSISTENTLY APPLYING INFORMATION ASSURANCE AND C&A POLICY. 3. FUNCTIONING UNDER THE AUTHORITY OF COMMANDER FCC, THE NAVY'S OPERATIONAL DAA (ODAA) WILL OVERSEE AND EXECUTE THE NEW DAA STRUCTURE. IAW REF C, NAVY NETWORKS (EXCLUDING NAVY SENSITIVE COMPARTMENTED INFORMATION (SCI) NETWORKS) INCLUDE BUT ARE NOT LIMITED TO: A. RESEARCH, DEVELOPMENT, TEST & EVALUATION NETWORKS (INCLUDING USN DAA AREAS OF RESPONSIBILITY WITHIN DEFENSE RESEARCH AND ENGINEERING NETWORK (DREN) AND SECURE DREN; B. ALL SHIPBOARD NETWORKS SUCH AS THE INTEGRATED SHIPBOARD NETWORK SYSTEM/IT FOR THE TWENTY FIRST CENTURY; C. OCONUS NAVY ENTERPRISE NETWORK/BASE LEVEL INFORMATION INFRASTRUCTURE; D. EXCEPTED NETWORKS (E.G., NETWORKS THAT ARE OFFICIALLY APPROVED TO REMAIN OUTSIDE OF THE NAVY'S ENTERPRISE NETWORKS); E. LEGACY NETWORKS THAT ARE CURRENTLY IN AN ASSUMPTION OF RESPONSIBILITY STATE (E.G., LEGACY NETWORKS FOR WHICH HEWLETT PACKARD HAS ASSUMED RESPONSIBILITY) UNDER THE NAVY/MARINE CORPS INTRANET. 4. IAW REF D, THE FOLLOWING DAAS WILL BE RETITLED AS "AUTHORIZING OFFICIAL DESIGNATED REPRESENTATIVE (AODR)" WHICH ALIGNS WITH REF E AND ACCORDS WITH THE DOD CIO TRANSITION TO NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY TERMINOLOGY IDENTIFIED IN REF F. A. EDAA (EDUCATION DAA). B. RDAA (RESEARCH, DEVELOPMENT, TEST, AND EVALUATION DAA). C. DDAA (DEVELOPMENTAL DAA). D. PDAA (PLATFORM INFORMATION TECHNOLOGY (PIT) DAA). E. QOL DAA (QUALITY OF LIFE DAA). AFLOAT COMMANDING OFFICERS WILL NOT BE RETITLED AND WILL RETAIN THEIR DEPLOYED DAA STATUS TO MEET EMERGENT OPERATIONAL REQUIREMENTS IAW REF G. AODRS WILL CONTINUE TO EVALUATE AND REVIEW ACCREDITATION ACTIVITIES OF SYSTEMS AND NETWORKS UNDER THEIR COGNIZANCE. HOWEVER, EFFECTIVE 1 OCT 2012, THE AUTHORITY TO SIGN ACCREDITATIONS FOR ALL NAVY COLLATERAL AND GENERAL SERVICES CLASSIFIED AND UNCLASSIFIED, OPERATIONAL INFORMATION SYSTEMS, NETWORKS, AND TELECOMMUNICATIONS SYSTEMS IS RESTRICTED TO THE NAVY ODAA. CURRENT ACCREDITATIONS ISSUED BY THE DELEGATED DAAS IDENTIFIED ABOVE REMAIN IN FORCE AND DO NOT REQUIRE NAVY ODAA SIGNATURE UNTIL REACCREDITATION IS REQUIRED. 5. DELEGATED DAAS ARE DESIGNATED BY NAME AS OPPOSED TO THEIR OFFICIAL TITLE OR FUNCTIONAL ROLE. MOREOVER, PERSONS NOT OFFICIALLY DESIGNATED IN WRITING ARE NOT PERMITTED TO TAKE ANY ACTION UNDER THE ASSUMED AUTHORITY OF DELEGATED DAA. C&A STAFF ASSIGNED TO EACH AFFECTED PROGRAM/ECHELON II SHALL CONTINUE TO PERFORM ALL C&A ACTIVITIES THROUGH CERTIFICATION. UNTIL THE CONSOLIDATION AND FULL TRANSITION OF DAA AUTHORITIES IS COMPLETED, DELEGATED DAAS SHALL PROVIDE COPIES OF NEW ACCREDITATION DECISIONS TO THE NAVY ODAA WITHIN 48 HOURS OF ISSUANCE. 6. NAVY ODAA WILL ISSUE ALL DESIGNATIONS AND INTERIM/PIT RISK APPROVALS FOR PIT SYSTEMS. ECHELON II PROGRAM MANAGERS WITH A CURRENT PDAA SHALL CONTINUE TO PERFORM REQUIRED ACTIVITIES THROUGH CERTIFICATION/RISK DETERMINATION. 7. DAA CONSOLIDATION WILL NOT INCLUDE NETWORKS OR SYSTEMS UNDER OPNAV N89 SPECIAL ACCESS PROGRAM AUTHORITIES OR NAVAL INTELLIGENCE SCI AUTHORITIES. 8. DAA CONSOLIDATION TRANSITION TIMELINE: A. OPNAV UPDATES REF G TO REFLECT NEW NAVY ODAA AND AODR ROLES AND RESPONSIBILITIES NLT APR 2012. B. FCC/ODAA ISSUES STANDARD OPERATING PROCEDURE IN THE FORM OF A NAVY TELECOMMUNICATIONS DIRECTIVE NLT APR 2012. C. TRANSITION ALL NAVY COLLATERAL AND GENERAL SERVICES C&A PROCESSING TO EMASS (EXCEPT SCI) NLT SEP 2012. D. FCC/ODAA CONDUCT AODR PROCESS TRAINING NLT SEP 2012. E. FCC/ODAA CANCEL DESIGNATIONS OF DELEGATED DAA. DESIGNATE AODRS FOR ALL NAVY COLLATERAL AND GENERAL SERVICES CLASSIFED AND UNCLASSIFIED, OPERATIONAL INFORMATION SYSTEMS, NETWORKS, AND TELECOMMUNICATIONS SYSTEMS NLT DEC 2012. 9. AN UPDATED VERSION OF REF G, TARGETED FOR RELEASE IN APR 2012, WILL PROVIDE ADDITIONAL GUIDANCE FOR COMMANDING OFFICERS IN THEIR ROLES AS DEPLOYED DAA. 10. MY POINT OF CONTACT, AND DDCIO (N) REPRESENTATIVE, IS MS. JANICE HAITH, AT COMM: (571) 256-8523, EMAIL: janice.haith@navy.mil. 11. WIDEST DISSEMINATION REQUESTED. 12. RELEASED BY VADM KENDALL L. CARD, DCNO FOR INFORMATION DOMINANCE, N2N6.// BT #0434 NNNN UNCLASSIFIED//