These FAQs come directly from the most common mission partner inquiries recieved, and from the live Enterprise Connection Division subject matter expert hosted Question and Answer sessions that are available regularly as part of the Mission Partner Training Program. If you would like to attend a live session please visit the training page for more information.
This page contains frequently asked questions on the Defense Information Assurance Security Accreditation Working Group (DSAWG). Have a question? Submit it here.
Charter
Question: What is the purpose of the DSAWG?
Answer: The Defense Information Assurance (IA)/Security Accreditation Working Group (DSAWG) is the first accreditation or accreditation review level for the Department of Defense (DoD) for the transport, network management, and network segments of the Department of Defense Information Network (DoDIN). In addition, as the community jury for evaluating risk to the DoDIN, the DSAWG reviews specific topic areas assigned by the DoD Information Security Risk Management Committee (DoD ISRMC), formerly the DISN/GIG Flag Panel. The DSAWG adjudicates all high-risk connection requests as part of the DISN Connection Approval Process. In addition, as per §11.c.(2) of CJCSI) 6211.02D, the DSAWG, along with DISA and DoD CIO Identity and Information Assurance, provides technical advisors to the GIG Waiver Panel.
Question: What is the mission of the DSAWG?
Answer: The DSAWG performs the following missions and reports to the DoDIN Authorization Official (AO) through the Flag Panel:
i. Assess community-wide risks associated with DoDIN cross-domain interconnections, multiple security level technologies installed on a DoDIN-supported infrastructure, and new or unproven technologies and security solutions.
ii. Assess local and community-wide risks resulting from the use of commercial infrastructures for DoDIN traffic, DoDIN-interconnected systems accessed by foreign nationals, and the use of known technologies in a DoDIN environment for which they have not previously been approved.
iii. Perform accreditation duties in situations where the DoD ISRMC determines that the DSAWG’s broad visibility is necessary to assess and accept the risk to the DoDIN community.
iv. Review Information Assurance policies, procedures, architectures, strategies, etc., to ensure that required personnel, operations, and technologies are in place to mitigate the risk to the DoDIN and their connected enclaves. Recommend security policy and architecture improvements to the DoDIN Service Managers in support of the systems authorization process.
v. Review certification and accreditation strategies for proposed multi-site, multi-user systems that rely on the DoDIN transport.
Question: What is the authority of the DSAWG?
Answer: The DSAWG operates by authority of the Chairman, Joint Chiefs of Staff Instruction (CJCSI) 6211.02D, “Defense Information System Network (DISN): Policy, Responsibilities and Processes,” dated 24 January 2012. The DSAWG operates under the direct guidance of the DoD ISRMC, and the general guidance of the DoDIN AOs.
Question: Who are the voting representatives at the DSAWG?
Answer:
a. The DSAWG membership is made up of the following representatives:
i. Services: Army, USAF, Navy & USMC
ii. Agencies: DIA, DISA, NSA/CSS, Joint Staff
iii. Organizations: DCIO, USSTRATCOM, UCDSMO, USD(I), DNI CIO, DCMO
b. Specifically: Primary and Alternate voting members shall be assigned, in writing, by their respective DoDIN AO, Chief Information Officer, or Senior Information Assurance Officer. Primary members will be O-6 or civilian equivalent; deviations may be accepted with the concurrence of the DoD ISRMC. Members shall be assigned from the following organizations:
Chair (non-voting, provided by DISA)
Defense Intelligence Agency (DIA)
Defense Information Systems Agency (DISA)
Joint Staff (JS)
National Security Agency (NSA)/Central Security Service (CSS)
Service Representatives:
U.S. Army
U.S. Navy
U.S. Marine Corps
U.S. Air Force
DoD CIO (DCIO)
US Strategic Command (USSTRATCOM)
Unified Cross Domain Services Management Office (UCDSMO)
Under Secretary of Defense for Intelligence (USD(I))
Director of National Intelligence Chief Information Office (DNI CIO)
Deputy Chief Management Office (DCMO)
Secretariat
Question: What is the role of the DSAWG Secretariat?
Answer: The role of the DSAWG Secretariat is to provide analytical and administrative support to the DSAWG Chairman. The DSAWG Secretariat is responsible for all logistical coordination of the meeting, agenda, minutes, ballots, and attendance lists.
Question: What are the DSAWG Secretariat responsibilities?
Answer:
a. The Secretariat is an administrative support cell provided by DISA. The Secretariat operates under the guidance of the DSAWG Chair.
b. Generally, the Secretariat performs the following support activities:
i. Schedule meetings. Meetings will be held in secure facilities that allow discussion of relevant classified issues.
ii. Prepare agendas (e.g. Tentative, Preliminary, and Final) and supporting documentation and distribute them during the month in advance of scheduled meetings.
iii. Prepare and print vote ballot summaries for official decisions.
iv. Prepare and distribute draft minutes within two weeks after meetings to members and to other people and organizations as appropriate. The minutes should contain the post-meeting agenda, lists of members and attendees, summary of discussions, resulting decisions and recommendations, and resulting action items.
v. Maintain an appropriate (e.g., web-based) dissemination process for agenda, minutes, and supporting materials such as slide shows.
vi. Track actions assigned at DSAWG meetings
vii. Maintain a repository of relevant historical and supporting policy materials from the past history of DSAWG decisions, guidance, and opinions.
Question: How do I contact the DSAWG Secretariat?
Answer: Please call the DSAWG Secretariat at (301) 225-2905/DSN 312-375-2905, or e-mail the Secretariat on NIPR DSAWG: disa.meade.ns.mbx.dsawg@mail.mil or SIPR DSAWG: disa.meade.ns.mbx.dsawg@mail.smil.mil.
Meetings
Question: Can I present a classified presentation?
Answer: Yes, DSAWG meeting facilities have been approved for classified presentations. Classified presentations should be sent to the DSAWG Secretariat at least one week prior to the DSAWG Meeting for information briefs and two weeks prior for decision briefs. Remember to transmit and carry all such presentations in accordance with DoD regulations for the safeguarding of such information.
Question: I am the briefer and I only want to attend the portion of the DSAWG when I am scheduled to present. When should I arrive?
Answer: Since briefings and discussion periods can run either long or short, it is advised that you arrive an hour before you are scheduled to brief. You should also provide contact information to the Secretariat or Chair in case of possible changes to the day’s schedule.
Question: Where are the DSAWG meetings held? Where should I go when I arrive?
Answer: The primary location for DSAWG meetings is at CGI Federal, 300 Sentinel Drive, Annapolis Junction, Maryland 20701-1054, in their 2nd floor Conference Room. DSAWG meeting attendees are only given badges at the front desk of the DSAWG meeting conference room.
Question: How long do DSAWG meetings normally last?
Answer: DSAWG meetings normally begin at 0830 and end by 1700.
Agenda
Question: How do I submit a topic to be placed on the DSAWG Agenda?
Answer: Contact your DSAWG representative/sponsor. The list of DSAWG Representative names, along with e-mail addresses, and contact phone numbers is located on the SIPRNet DSAWG Intelink website.
Question: What specific information do I need to provide to my DSAWG sponsor, so it can be forwarded to the DSAWG Secretariat for inclusion on the agenda?
Answer:
a. Title of Briefing
b. Briefing type: Decision/Informational
c. Name of Briefer & their contact information (to be included on the attendance list)
d. Classification of Briefing
e. Sponsor organization: (DISA, NSA, ARMY, etc.)
Question: If I want to get on the DSAWG agenda, should I contact the DSAWG Secretariat directly?
Answer: The DSAWG Secretariat prefers that potential briefers contact their DSAWG Representatives in order to get on the agenda. In addition, the DSAWG Representative can offer the potential briefer insight into DSAWG proceedings in order to make their visit to the DSAWG a more successful one.
Question: Is there a specific DSAWG Agenda order for the sequence of briefings to the DSAWG?
Answer: Much of the morning portion of a DSAWG is pre-blocked with the following topic items:
i. SIPRNet Updates
ii. Cross Domain Solution (CDS) Tickets
iii. Community Requests for possible CDS Ticket assignment
iv. Ports and Protocols (PnPs)
v. Defense Switched Network (DSN) Switch Status
Decision Briefs are placed before Information Briefs.
There are considerations for specials instances of scheduling of briefings due to travel and logistical arrangements.
Briefings and Read Aheads
Question: Is there a standard DSAWG briefing format?
Answer: Yes, please see the DSAWG Briefing template located on both the DSAWG NIPRNet & SIPRNet websites. Decision briefings should contain therein explicit proposed wording that properly reflects the requested approval from the DSAWG. DSAWG briefings should be comprehensive enough for the voters to understand the proper constraints and limitations of a proposed decision in terms of time, scope, and the mitigations to reduce dangers to the DoD computer networks. Briefings also should not contain too much information with over-abundance of the details needed for proper understanding.
Question: Why are we required to submit our decision briefing to the DSAWG Secretariat two weeks before the DSAWG meeting?
Answer: The DSAWG voting members need adequate time to coordinate/review briefings within their respective organizations so that they are prepared to vote at the DSAWG. Additionally, an organization cannot proxy their vote to another DSAWG member without prior information regarding the briefing.
Question: Can I make changes to my briefing once I’ve submitted it to the DSAWG Secretariat?
Answer: Any changes to briefings should be submitted to the DSAWG Secretariat one week prior to the DSAWG meeting. It is important that DSAWG voting members have adequate time to review the material before it is briefed.
Question: How much time are presenters normally given to present their briefing?
Answer: Presenters are typically given 15 minutes to present and 15 minutes for discussion, for a total of 30 minutes before the DSAWG panel.
Minutes
Question: When are DSAWG minutes distributed after a DSAWG meeting is held?
Answer: Draft minutes are released for review and comment approximately one week after the DSAWG meeting. Once all preliminary comments are incorporated into the Draft Minutes, Final Draft Minutes are released and are approved by voting members (usually through a DSAWG evote or through oral consent at the DSAWG meeting) before becoming the Final Minutes. Briefers, DSAWG voting members, and others in attendance are encouraged to submit their suggested revisions to the Draft Minutes to the DSAWG Secretariat. Except for the correction of some typos, these will appear with redlining in the Final Draft Minutes.
Question: What gets placed in the DSAWG Minutes?
Answer: Meetings have lasted over seven hours with discussion. It is not the intention of the minutes to be a verbatim rendering of the meeting discussions. Not only would a verbatim rendering be impractical, the resulting written minutes would be too long for reasonable consumption. Rather, the minutes should capture the essential discussion points in a data flow that includes:
-Topic
-Presentation
-Discussion
-Decision
-Action Item(s)
Sidebars and digressions naturally occur in such a meeting forum. The essential consideration on whether to capture content of these discussions is if they contribute to the essential discussion points noted above.
Cross Domain Solutions
Question: Can you explain the CDTAB decision process?
Answer: The CDTAB meets once a month to review tickets; they meet the 4th Thursday of every month. Tickets are subsequently presented to the DSAWG, and then the DoD ISRMC, if required, which meets once a month for final approval.
Question: Do DREN networks fit in with CDS?
Answer: The DREN networks connecting to other networks has come before the panel before, and those connections deal with policy and are better answered by the DSAWG when it gets to that level. Contact service CDSE regarding this policy for specific guidance.
Question: Where can I find a list of approved CDS hardware?
Answer: There is a page of web links at the end of the training and there is a link to the UCDMO site at the end of training. There are actually two lists for guards that are approved and guards on a sunset list that will be taken offline by end of October next year.
Question: How long does it take to be accredited?
Answer: It’s not a hard and fast process. On average, it takes about 6 months to receive a 1 year accreditation. However, several cases have occurred in the approval process (e.g., CDSEs generate risk rating vs. NSA, CDSAs for ST&E with continued operation are new options); therefore, you may be able to get a connection approval in a shorter time frame.
Question: What is needed for yearly CDS reaccreditation?
Answer: A DAA Revalidation memo, CDES Rejection memo, and CDS Configuration Validation Memo. See Connection Process Guide (CPG) Appendix K for more details.
Question: What about connection approval for multiple locations or sites?
Answer: A Cross Domain Solution Authorization (CDSA) that list for each site.
Question: Why does everything need to go through the CDSE?
Answer: The CDSE needs to be aware of your mission requirement to implement a Cross Domain Solution to assist you with submitting required documentation and to coordinate for monthly CDSE meetings. The CDS team reviews all of the documentation but the CDSE acts as the main point of contact for the CDSE mission that will assist you in ensuring you have all of the requirements in place.
Question: What if the connection is between classified to classified networks between different departments?
Answer: It is evaluated on a case by case basis for approval. The best starting point would be your CDSE, and see what they say based on what networks you are connecting.
Question: What about RDAC training sessions?
Answer: Your CDSE can put you in contact with the NSA to attend a two-day training in the Ft. Meade area, which gives a very good overview of the RDAC framework.
Resources
Question: Who should I contact if I encounter problems connecting to the either of the DSAWG websites?
Answer: Please call the DSAWG Secretariat at (301) 225-2905/DSN 312-375-2905, or e-mail the Secretariat via NIPR DSAWG: disa.meade.ns.mbx.dsawg@mail.mil or SIPR DSAWG: disa.meade.ns.mbx.dsawg@mail.smil.mil.