These FAQs come directly from the most common mission partner inquiries received, and from the live Enterprise Connection Division subject matter expert hosted Question and Answer sessions that are available regularly as part of the Mission Partner Training Program. If you would like to attend a live session please visit the training page for more information.
This page contains frequently asked questions on the Mission Partner Training program. Have a question? Submit it here.
January FAQ – Accreditation Enforcement
Question: 1.0 Does a program rides on a circuit (EIBN circuit) have to register in SNAP?
Answer: Yes, however dedicated circuits are not reported to JFHQ DODIN.
Question: Are the requirements in SNAP/GIAP the same for dedicated circuits?
Answer: No, the requirements are the topology and ATO for dedicated circuits.
Question: Are VPNS reported to JFHQ DODIN?
Question: Where can I find ATC examples?
Answer: They are located in the DISN Connection Process Guide (https://dl.dod.cyber.mil/wp-content/uploads/connect/pdf/unclass-DISN_CPG.pdf).
Question: How long upon CLSA delivery to DISA should we expect to hear back regarding CLSA approval and entered into the CAL?
Answer: CLSAs are posted to the CAL at the end of each month.
February FAQ – DSAWG 101
Question: What is the phone number for the DSAWG team?
Question: Are the DSAWG meetings held monthly?
Answer: Yes, they are held the second Tuesday of every month.
Question: What is the phone number for the team regarding connection approval packages?
Answer: 301-225-2900 or 301-225-2901
Question: How do I have IP addresses added to the DISN Access Control List (ACL) and the DISN Whitelist?
Answer: This can be completed by contacting your PPSM and Whitelist POC’s.
March FAQ – Category Assurance List
Question: If I would like to use a data service not listed on the CAL and it crosses boundaries 7 and 8; how long would a vulnerability assessment take to be completed?
Answer: The first step is to coordinate with your PPSM tag rep. and they will submit a Further Action (FA) report. Once the FA is received and everything is provided then the VA will be completed within 90-120 days (research time, presentation time, e-vote).
Question: Is there an updated boundary diagram including the cloud?
Answer: Yes, there is an updated boundary diagram. It can be obtained by contacting your PPSM tag rep.
Question: Is it possible to provide a very brief summary of the glossary page of the CAL regarding an external application going through the process?
Answer: The first step is to work with your component TAG rep to submit a FA report
Question: How do you begin the connection approval process for AWS Gov Cloud to DISA?
Answer: Either contact your tag rep. or Cloud Services Support (firstname.lastname@example.org)
Question: Is it possible to force a CAL update between regular monthly CAL updates?
Answer: Admin. update for mission critical updates. The request can be made by contacting your tag rep.
Question: Does it benefit other organizations when a PPS has been added to the CAL by a different organization?
Answer: Yes, it can benefit other organizations by using those PPS.
April FAQ – DSN Registration
Question: Does the ATO have to be completed before the registration? What if the ATO relies on the registration?
Answer: A customer can initiate DSN registration prior to receiving their ATO however; the final submission of the DSN registration needs the final ATO signature.
Question: What is an example of a CCSD for commercial cloud use?
Answer: CCSDs are not required for cloud connections.
Question: What happens after the ATO expires? Is our system automatically disconnected?
Answer: DSN registrations are not automatically disconnected, but the Connection Approval Office will work diligently with the customer to ensure that they have a current up-to-date accreditation.
May FAQ – PPSM
Question: What is PPSM?
Answer: PPSM standardizes procedures to catalog, regulate, and control the use of ports, protocols, and services. The PPS need to be registered either in the PPSM registry or in PPSM-U.
Question: What do I need to do to use Titanium?
Answer: VA’s already exist for Titanium. Titanium is restricted to boundary 15. A further action report will be needed to change boundaries.
Question: Which boundaries are used when moving to community of interest, across federated/mission partner gateways?
Answer: Boundary 16 under the same AO and boundary 15 under a different AO.
Question: What does — line mean in the CAL?
Answer: — means it is a restricted boundary.
Question: What is the difference between CLSA and FA?
Answer: The PPSM for a CLSA remain within the local enclave while for FA they cross the DISN.
Question: How long to review changes for PPSM?
Answer: A brand new service can take 90 – 120 days.
June FAQ – CHA Introduction
Question: Will Titanium replace Acropolis?
Answer: Titanium will not interfere with Acropolis.
Question: Who are the ports and protocol infractions reported to?
Answer: PPSM Secretariat.
Question: What are the requirements to use the tools?
Answer: No requirements, CHA team runs the scan.
Question: Are the tools available to all enclaves?
Answer: Yes, it is a free service.
Question: Can the tools differentiate between multiple programs riding the same CCSD?
Answer: No, they are not able to differentiate between the programs.
Question: Can the tools identify protocol encapsulation?
Answer: Yes, they can for GRE and ESP.
Question: Do the tools work with data at rest encryption requirements?
Question: Do any of the tools provide a network map?
Answer: They do not provide one.
Question: Is there a full listing of all of the tools the analysts have access to in Acropolis?
Question: Are reports available from the Silk scanning tool to use as RMF artifact?
Question: How often are data centers evaluated? Is it on a cycle or as needed?
Answer: As needed or as requested or JFHQ-DODIN orders.
December FAQ – RMF Package Submission
Question: What are the requirements for submitting your CSSP?
Answer: The CSSP is only required on SIPRNet. It can be submitted at the end of section 10.
Question: How often does the SP have to be updated?
Answer: It should be updated whenever a new accreditation is required. Internally, it should be updated constantly.
Question: How often do you require a control validation test on each system to maintain an accreditation?
Answer: The control validation test is not required by the Connection Approval Office.
Question: Who do we coordinate the ATO with?
Answer: The ATO would be coordinated through your AO office.
Question: Is PPSM required for only services that have organization update?
Answer: The registration is required for all PPS that are being used on the DoDIN.
Question: How often does the topology diagram need to be updated?
Answer: Whenever a network change is completed than the diagram should be updated. The updated diagram can be sent to the CAO.
Question: How are ACAS scans documented in the ATO package?
Answer: ACAS scans are not required by the CAO. The ISSM/ISSO would need to be contacted in order to understand how to document them.
Question: Who do I contact to begin the RMF package submission?
Answer: You would need to contact your ISSO/ISSM’s to start the package submission and make sure all of the paper work is correct.
Question: Will the new version of the CPG cover “new” processes and their required steps?
March 2020 FAQ – SNAP Introduction and User Guide
Question: What is the new URL for the Connection Approval website?
Question: What is the contact information for the Connection Approval Office?
Answer: The contact information is located on https://cyber.mil/connect/help/.
Question: What are the different job titles that would give different SNAP access?
Answer: The ISSM role would receive organizational access so they would see more than one record.
Question: Are there different levels of permission for the organizational role?
Answer: The organizational role is the highest level. The 2875 would need to be completed with specific CCSDs along with specifying user access.
Question: Would I submit another 2875 to gain access to other modules?
Answer: Yes, an updated 2875 must be submitted into SNAP.
Question: Does DISA or the organization fill out blocks 21 and 22 of part 2 of the 2875?
Answer: These blocks should be left blank.
Question: Once the 2875 is completed who do I e-mail it to?
Answer: The form would need to be submitted back into SNAP once it is completed.
Question: What are the common problems during processing a new SNAP account?
Answer: The common mistakes are forgetting to have your supervisor and security manager sign the 2875, not having the contractor number listed for contractors, and having a training date that is ending soon which would result in being locked out of SNAP shortly after account creation.
COMPUTER BASED TRAININGS
Question: Is there a difference between the CBT version available for download and the play now version?
Answer: The two versions are available for convenience for our Mission Partners. We understand that some connections may not give the ability to stream the training from the website, so it might be more convenient to let the training download first and then watch. The downloadable version is also something Mission Partners can refer to at a later time. The play now version also has closed captioning enabled for accessibility if it would be more convenient to read the text instead of listening to the voice over.
Question: How are topics picked to be developed into CBTs?
Answer: The topics are picked from a variety of sources. Surveys to the Connection Approval, DSAWG, and PPSM analysts helped the training team determine which questions they received most from mission partners, and in-depth metrics analysis on the top connection approval package rejection reasons continues to contribute. Now that the program is growing, interaction from Mission Partners via email and during the Q&A sessions add to training topics. This program is designed to bring information to Mission Partners that is useful and needed, so the syllabus will always remain flexible based on the needs of Mission Partners. Have a suggestion for a training topic? Submit it here.
Question: Who hosts the Q&A sessions?
Answer: A representative from the Mission Partner Training Program will host and facilitate the sessions and there will be subject matter experts from the different branches in the Risk Adjudication and Connection Division on the line to answer any specific questions you may have.
Question: How do I prepare for a Q&A session?
Answer: We encourage everyone to watch the computer-based training on the topic that will be discussed in the Q&A prior to the session.
Question: How do I attend a Q&A session?
Answer: The Q&A sessions are hosted via Defense Collaboration System (DCS), as well as a teleconference bridge. All audio will occur on the bridge. The DCS will have supplementary documentation, a chat for submitting additional questions, and website links to help us improve the sessions for Mission Partners. Please join both the DCS and teleconference for the best Q&A experience.
Question: What time zone are the times in the Q&A schedule and invitations?
Answer: All Q&A sessions times are EASTERN time (EST/EDT).