How to fill out a Ports, Protocols

and Services Management (PPSM)

Registration Spreadsheet
Version 1.1
How to Fill out a PPSM Registration
Spreadsheet-Column A
• In Column A-DoD IS
Name-Use the system
Name and Acronym
from the from the
system C&A/A&A

• Example: Automated
Access Control System
AACS
How to Fill out a PPSM Registration
Spreadsheet-Column B
• In Column B-Version,
Use the System
Version / Release
Number from C&A/A&A
• Example: AACS is
System Version /
Release Number 2.0
How to Fill out a PPSM Registration
Spreadsheet-Column C
• In Column C, Use a brief version
of the system description from
C&A/A&A. Do not use special
characters (e.g., commas and
parentheses) in this field. Keep
the description brief
• Example: AACS 2.0 is based on
the Lenel OnGuard security
system that integrates alarm
monitoring access control and
remote control capabilities
throughout the Pearl Harbor
Naval Shipyard and Intermediate
Maintenance Facility PHNSY&IMF
Pearl Harbor site.
How to Fill out a PPSM Registration
Spreadsheet-Column D
• In Column D-Network
Environment, use the
drop down menu to
choose either Classified or
Unclassified.
• Example: eMASS shows
AACS as Connectivity:
NIPRNet. “Unclassified”
should be chosen from
the drop down menu on
the spreadsheet.
How to Fill out a PPSM Registration
Spreadsheet-Columns E and F
• Column E is for a system IP
address or range. Only
one IP address or range
should show all the way
down the column.
• Column F should show an
IP Perimeter address and
should be the same all the
way down.
• The full address must be
given in these columns.
How to Fill out a PPSM Registration
Spreadsheet-Columns G, H, I, J
• If the system is under
DIACAP add in the MAC
level from the drop down
menu.
• If the system is under
RMF, leave the MAC level
blank and fill in the CIA
levels from the drop down
menu in each column
based on your
categorization.
How to Fill out a PPSM Registration
Spreadsheet-Columns K and L
• In Column K-ATD, add in the
Accreditation Termination Date
in this field.
• If the system is unaccredited,
leave this blank. This is a
mandatory field; provide the
ATD as soon as accreditation is
awarded.
• Column L-Add the DITPR ID or if
the system does not have a
DITPR, add in the DITPR DON ID.
Leave blank if the system has
neither ID.
How to Fill out a PPSM Registration
Spreadsheet-Column M
• There must be an
application associated with
every data-service (Could
be the OS, Vendor,
Function (PKI, HBSS))
• If multiple application use
the same data service put
all the applications on one
line (do not use commas)
• Applications should be as
specific as possible
 How to Fill out a PPSM Registration Spreadsheet
-Column N

• In the IP Protocol Column, USE the drop down menu. Do not write in these cells.
• If a data service uses both TCP and UDP, they must be on separate lines.
• If choosing an IP Protocol, other than TCP or UDP, leave the service column and ports blank
but fill in boundaries as applicable. See the IP protocols on the example above
 How to Fill out a PPSM Registration Spreadsheet
-Column O

• In the Service column, USE the drop down menu. Do not write in these cells.
• Reference the CAL to see how a data service is named there. Find that name in the drop down menu. Check the
CLSA section of the CAL also.
• If a data service uses both TCP and UDP, they must be on separate lines.
• If a service is not listed in the drop down menu and not on the Category Assurance List (CAL), leave this column
blank and go to the description column . Write in Not Listed: USN-NAME-OF-THE-SERVICE. The name must be
capitalized, it must start with USN, and each word must be separated by a dash.
 How to Fill out a PPSM Registration Spreadsheet
-Columns P and Q

• In the Low Port and High Port columns, if the data service uses one port put that in both
columns.
• If a data service uses a port range; put the low port of the range in Column P and the high port
of the range in Column Q.
• If a not listed service was entered in the Description Column you must enter the ports for that
service in these columns.
 How to Fill out a PPSM Registration Spreadsheet
-Columns R through AI

• Only choose the Y from the drop down menu in each cell where a boundary is crossed.
• All possible boundaries crossed must be checked.
• If traffic leaves a Navy local enclave environment to the DISN, check boundaries 7/8 (for example-leaves the NMCI
B1)
• If traffic goes to/from the Internet Boundaries 1/2 must be checked. If these are checked then the IP addresses
must be entered in Columns AH and AI. These should be the IP addresses that are Whitelisted for the traffic.
• If Boundary 1 or 2 is checked, submit the Accreditation Letter along with the Spreadsheet for registration.
• If no boundaries are checked, the traffic will be registered as Internal.
 How to use the PPSM CAL

Network Column – If the U (Unclassified) or C (Classified) are present,

then the traffic is only allowed on that network. If the U or C are
missing, the traffic is not allowed on that network.
Low Port – This port number is the lowest number allowed for the data
service.
High Port – This port number is the highest number allowed for the data
service.
If there is a port range, you can register the whole range or an individual
port within the range.
 How to use the PPSM CAL

• Protocol – The allowed protocol for the data service being used. The number in the parenthesis is not relevant for
registration.
• Service Name – This is the abbreviation of the data service
• Title – This is the long name (short name) for the data service. Each title points to a CLSA or Vulnerability Assessment
(VA) for the data service. If the traffic is conditional (yellow), please refer to the VA for traffic implementation conditions.
• CAL compliance is defined as using the exact port, protocol and data service name within the appropriate networks and
boundaries. Any variation would require the appropriate exception be approved before use.
• Any boundary on the CAL that has a dash (-) indicates that the PPS in question is NOT permitted to traverse this
boundary. Any deviation would require the appropriate exception be approved before use.
• PPS categorized as Red are banned. Banned PPS are not allowed for use on internal systems or internal Navy networks.
They are also not allowed to traverse Navy network boundaries, or traverse within VPN tunnels without explicit approval
from the NAO via an approved Component Local Service Assessment (CLSA), or to traverse the DODIN without approval
of the Defense Security/Cybersecurity Authorization Working Group (DSAWG). System owners using Red PPS must take
action to transition from banned data services to DoD CAL compliant PPS.
How to Submit the PPSM Registration
Spreadsheet once it is completed.

Once completed, please submit it directly to Sara

Taverner at sara.taverner.ctr@navy.mil and Genadio
Lopez at genadio.lopez1.ctr@navy.mil to register the
system/application. If it is already registered and this is
an update, please also include the PPSM Tracking ID.

Below is a link to the PPS section of the NAO Portal,

which is a great resource for all PPS related information.
There you will find a folder named "Navy PPSM
Registration Documents" which includes the latest
version of the Navy PPSM Registration Spreadsheet.
https://usff.navy.deps.mil/sites/fcc-c10f/odaa/PPS/SitePa
ges/Home.aspx