Once the partner determines that this is a new connection requirement, the next step is to identify the DISN network/service that is required. This involves matching partner needs to the most appropriate DISN network/service. All partners desiring connections to the DISN must first confirm with the applicable Service Manager (SM) that the desired network/service is appropriate for the mission.

Partners who are not sure which network/service best meets their needs should review the description of DISN voice, video, and data services available at https://www.disadirect.disa.mil/products/asp/welcome.asp and/or contact the DISN Global Support Center (DGSC). The DGSC will facilitate contact with the appropriate DISN SM.

Partners who know which DISN service they require will find POCs for each of the DISN networks/services in this guide’s individual appendices.

Identify your appropriate network/service through the DISN Telecommunications Business Services guide on the DDOE website: https://www.disadirect.disa.mil/products/asp/welcome.asp.

After the appropriate network/service is identified and applicable approvals are received, the partner/sponsor initiates a request for service fulfillment through the DDOE process on the DISA direct website listed above. This is the ordering tool for DISN Telecommunications Business Services guide.

In parallel, or shortly after initiating the request for service through DDOE, the partner should begin the C&A process for the IS/enclave for which a connection to the DISN is required.

DoD partners are required to use the DIACAP and to submit (at a minimum) a complete and accurate DIACAP Executive Package, which includes the following documents/artifacts.

• System Identification Profile (SIP)
• DIACAP Scorecard
• IT Security Plan of Action and Milestones (POA&M), if required
• Detailed Topology Diagram (not a DIACAP artifact, however it is required for Connection Approval)

(For instructions on how to complete these requirements, see (Ref g)/DIACAP and the DIACAP Knowledge Service at https://diacap.iaportal.navy.mil/login.htm.)

Partners are required to register the connection information (new or legacy) within applicable systems/databases.

Once the DDOE process has been completed with the receipt of a Command Communications Service Designator (CCSD), partners are required to register their IS information (IP address ranges, hosts, POCs, etc.) in the appropriate databases based on classification of the connection:

• Network Information Center (www.nic.mil) for all unclassified connections
• SNAP (https://snap.dod.mil) for:
• Voice, video, data circuit registrations and connections to unclassified networks/services
• OSD GIG Waivers for Internet Service Provider registrations (Appendix H)

Or

• SIPRNet Support Center (www.ssc.smil.mil) for all classified connections
• GIAP/SGS (https://giap.disa.smil.mil/gcap/home.cfm) for:
• Voice, video, and data circuit registrations and connections to classified networks/services

And

• Ports, Protocols, and Services Management (PPSM) (https://pnp.cert.smil.mil ) on SIPRNet for all networks/systems ports, protocols, and services for all IP solutions or applications, including Voice over Internet Protocol (VoIP) and Voice over Secure Internet Protocol (VoSIP) ), and Classified Video Voice over IP (CVVoIP).

DoD policy requires that partners register their IS information in the DoD Information Technology Portfolio Repository (DITPR) at https://ditpr.dod.mil.

An enclave/network may also be registered in the SIPRNet IT Registry, by first requesting an account to the application at https://arm.osd.smil.mil.
Once you have an account, the link to the SIPR IT Registry is: http://osdext.osd.smil.mil/sites/dodcio/itregistry/default.aspx.

CC/S/A may have internal databases that need to be updated with connection information. Check with your CC/S/A for additional requirements.

The Mission Partner connection requests are submitted to the CAO in the form of a SNAP or SGS registration and uploading of the CAP package. This package provides the CAO the information necessary to make a connection approval decision. CAP packages should be submitted at least 30 days prior to expiration or desired connection date for new connections.

A DAA Appointment Letter must be included if there is a new DAA or if the information is not already on file in the Connection Approval Office (CAO).  The letter must appoint an official specifically by name, not the office to which the managerial official is assigned.  If the DAA has delegated signature authority to an authorized official, written evidence of a delegation action must be provided to the CAO prior to the acceptance of any CAP package documentation.

Tactical exercise/mission CAP packages must be submitted a minimum of eight (8) days prior to the start of the exercise/mission. Tactical mission/exercise requests should include the mission number found on the Gateway Access Authorization (GAA) subject line or the timeframe of the exercise. The GAA message must be released by the appropriate Contingency and Exercise office (CONEX) prior to an IATC/ATC letter being issued by the CAO. Tactical exercise/mission CAP packages do not submit a complete DIACAP package. However, they must include at a minimum, an ATO/IATO letter, GAA, and topology.

Account Registration for the SNAP (Unclassified) and SGS (Classified) Database

CAP packages for connections will be uploaded by the partner in the SNAP (unclassified) or SGS (classified) database.  In order to submit a CAP package, you must register for an account.

SNAP (Unclassified)

• Request a SNAP account
• Go to  https://snap.dod.mil/gcap/home.cfm
• Click on “request a SNAP account”
• Upload a completed signed DD Form 2875 System Authorization System Request (SAAR). The 2875 can be downloaded from SNAP.
• Complete section 13 of the 2875, “Justification for Access” by specifying the SNAP module and user role for your CC/S/A.
• Complete your profile data, asterisked item are required fields.
• Click “Submit Request” for approval

SGS (Classified)

• For classified connections go to https://giap.disa.smil.mil/gcap/home.cfm
• Click on “request a SGS account”
• Upload a completed signed DD Form 2875 SAAR.  The 2875 can be downloaded from the SGS website.
• Complete section 13 of the 2875, “Justification for Access” by specifying the  SGS module and user role for your CC/S/A.
• Complete your profile data, asterisked items are required fields.
• Click “Submit Request” for approval

Once the account is approved, proceed with the creation/registration of the connection to include the submittal/upload of the DIACAP executive package artifacts once your local DIACAP C&A is completed.

Registration and Submittal Process for Unclassified and Classified Packages

SNAP (Unclassified)

• Logon to SNAP: https://snap.dod.mil/gcap/home.cfm
• Hover the mouse over "NIPR" and select "New Registration" 
• Complete all required fields of Sections0-6 of the NIPR Checklist (Sections with a locked icon are reserved for use by CAO Analyst).
• Upload Attachments for your DIACAP executive package artifacts in Sections 7.1 through 7.6 as applicable.  Please note: Only Sections 7.1 through 7.5 require the upload of attachments.
• Once all sections are completed,  a submit button at the bottom of the screen will be available in order to submit the entire registration.

NOTE: For 24/7 SNAP assistance; contact the DISN Global Support Center – (800) 554-3476

SGS (Classified)

• Logon to SGS: https://giap.disa.smil.mil/gcap/home.cfm
• Hover the mouse over "GIAP" and select "New Registration" 
• Complete all required fields of Sections 0-9 of the GIAP Checklist (Sections with a locked icon are reserved for use by CAO Analyst).
• Upload Attachments for your DIACAP executive package artifacts in Sections 9.1 through 9.10 as applicable.
• Once all sections are completed, a submit button at the bottom of the screen will be available in order to submit the entire registration.

Upon submittal of the registration, the CAO will review all sections of the registration or completeness and compliance.  In the event a section is incomplete or a non-compliant artifact is  uploaded to the database, that individual section will be rejected.  The POC’s listed in the database  will receive notification of a rejected registration to include what documentation is missing or non-compliant from the package.  The partner must log back into the database and complete or upload the updated artifact for the rejected section. Typically, when all the connection approval requirements are met an ATC or IATC will be issued within eight (8) business days.

As an integral part of the process, the CAO assesses the level of risk the partner’s IS or network enclave poses to the specific DISN network/service and to the GIG community at large. The identification of IA vulnerabilities or other non-compliance issues and the responsiveness of the affected enclave in implementing appropriate remediation or mitigation measures against validated vulnerabilities will have a direct impact on the risk assessment, and subsequently on the connection approval decision.

The following are some of the indicators that would contribute to the assessment of an elevated risk:

• Missing, incomplete, or inaccurate CAP package input (because unknowns lead to a lower level of confidence in the IA status of the partner IS/enclave).
• Unsatisfactory results during an on-site or remote compliance monitoring/vulnerability assessment event where IA controls are tested and policy compliance is reviewed

If the risk is "low" or “medium," the CAO will issue an ATC or IATC. A "medium" risk assessment will cause the CAO to more closely monitor the IA status of the IS/enclave during the connection life cycle. "Low" risk assessments will not affect a new connection request.

An ATC/IATC will normally authorize the partner to connect to the DISN network/service defined in the connection approval, up to the accreditation decision ATD. The results of the risk assessment may warrant the issuance of a connection approval decision with a validity period shorter than that of the accreditation decision ATD. In such cases, the CAO will provide justification to the DAA for the shorter validity period.

If the CAO assesses a "high" risk, it will provide the DAA the justification for the assessment and inform the DAA that current guidance (i.e., policy, DSAWG decision, STIGs, etc.) from DISN/GIG DAAs precludes the issuance of an ATC without additional review of the IS/enclave IA status by the community accreditation bodies.

Once the CAO makes a connection decision, the partner is notified.

Connection Approval

If the connection request is approved, the partner is issued an ATC or IATC. The validity period is specified in the ATC/IATC letter. After the connection is approved, the partner must work with DISN Implementation to complete the installation of the circuit. The connection approval is valid until the expiration date. The DAA must notify the CAO of significant changes, such as architecture changes requiring re-accreditation, movement of the IS enclave to a new location, changes in risk posture, etc., that may cause a modification in the IA status of the system/enclave or if the connection is no longer needed.

Denial of Approval to Connect

If the connection request is denied, the CAO will provide the partner a list of corrective actions required before the connection can be approved. The process will restart at Section Connection Approval Package.