Term:System Security Authorization Agreement

From FISMApedia

DoDI 8100.03

System Security Authorization Agreement (SSAA) - A formal agreement among the DAA(s), the CA, the IT system user representative, and the acquiring activity. It is used throughout the entire DITSCAP to guide actions, document decisions, specify IT Security (ITSEC) requirements, document certification tailoring and level-of-effort, identify potential solutions, and maintain operational systems security. E2.1.37.

DSS Glossary

System Security Authorization Agreement - Formal document that fully describes the planned security tasks required to meet system or network security requirements. The package must contain all information necessary to allow the Designated Approving Authority to make an official management determination for authorization for a system, or site to operate in a particular security mode of operation; with a prescribed set of safeguards, against a defined threat with stated vulnerabilities and countermeasures; in a given operational environment; under a stated operational concept; with stated interconnections to external systems; and at an acceptable level of risk.

NSA IATF 3-1

System Security Authorization Agreement (SSAA) - The SSAA is the formal agreement among the DAA(s), Certifier, user representative, and program manager. It is used throughout the entire DITSCAP to guide actions, document decisions, specify IA requirements, document certification tailoring and level-of-effort, identify potential solutions, and maintain operational systems security.

NSTISSI 1000

System Security Authorization Agreement (SSAA) - The SSAA is a formal agreement among the DAA(s), certifier, IS user representative, and the program manager. It is used throughout the NIACAP to guide actions, and to document decisions, security requirements, certification tailoring and level-of-effort, certification results, certifier's recommendation, and the DAA's approval to operate.