Professional Documents
Culture Documents
References:
(a) National Industrial Security Program Operating Manual (NISPOM),
DoD 5220.22-M, dated 28 February 2006
(b) Defense Security Service (DSS) Assessment and Authorization
Process Manual (DAAPM), dated TBD
(c) CAGE-YYYYMMDD-#####-#####, Version 1.0, System Security
Plan, dated DD Month YYYY
In accordance with References (a) and (b), and based on adherence to Reference
(c), the undersigned hereby grants Authorization to Operate (ATO) for this Information
System (IS) with the following parameters:
a. System Type: SELECT SYSTEM TYPE
b. Classification: SELECT CLASSIFICATION
c. Categorization:
Confidentiality: SELECT IMPACT VALUE
Integrity: SELECT IMPACT VALUE
Availability: SELECT IMPACT VALUE
d. Formal Access Approvals: ☐COMSEC ☐CNWDI ☐NATO
e. CAVEAT: ☐RD ☐FRD ☐FGI ☐OTHER:
f. Location: SELECT AREA
g. Type Authorization: ☐YES ☐NO
h. Protected Distribution System: ☐APPROVED ☐NOT APPLICABLE
i. Operating System(s):
j. Trusted Downloading: DSS APPROVED PROCEDURES
k. Periods Processing: ☐YES ☐NO
l. Mobility: SELECT MOBILITY TYPE
☐OTHER:
m. Connections: SELECT CONNECTION
NSP UID: NSP Date:
MOU Agency: MOU Date:
Network Name: SELECT NETWORK
☐OTHER
The Authorization Termination Date (ATD) is [INSERT MONTH DD, YYYY].
The Information System Security Manager (ISSM) is responsible for submitting
quarterly updates regarding the status of the POA&M to their assigned DSS Information
Systems Security Professional (ISSP), [INSERT ISSP NAME], as applicable. Any
modification of system configuration, information protection requirements, or physical
location must be evaluated and approved by DSS prior to implementation.
[INSERT UID] shall operate under the following terms and conditions:
a. [INSERT TERMS AND CONDITIONS, e.g. number of users is limited
to ##, limited locations, TEMPEST/OPSEC requirements, etc.]
A copy of this letter will be retained with all relevant system documentation.
Sincerely,