The System Security Authorization Agreement (SSAA) is an information security document that shows the agreement between the Project Manager (PM), the Designated Approval Authority (DAA), the Certification Authority, and the user representative concerning schedule, budget, security, functionality, risk, and performance issues and is the product of the DoD Information Assurance Certification and Accreditation Process (DIACAP). The DIACAP process, under Information Assurance (IA), establishes a standard process, set of activities, general task descriptions, and a management structure to certify and accredit information technology systems throughout the system life cycle. SSAAs will be included as annexes to the Program Protection Plan (PPP).
AcqLinks and References:
- Defense Acquisition Guidebook (DAG) – Chapter 8
- Website: Wikipedia – System Security Authorization Agreement