Once the partner/sponsor determines that this is a new connection requirement, the next step is to identify the DISN network/service that is required. This involves matching partner needs to the most appropriate DISN network/service. All partners desiring connections to the DISN must first confirm with the applicable SM that the desired network/service is appropriate for the mission.

Partners who are not sure which network/service best meets their needs should review the description of DISN voice, video, and data services available at https://www.disadirect.disa.mil/products/asp/welcome.asp and/or contact the DISN Global Support Center (DGSC). The DGSC will facilitate contact with the appropriate DISN SM.

Partners who know which DISN service they require will find POCs for each of the DISN networks/services in the service appendices.

The sponsor may download the Non-DoD Connection Validation Letter from the DISA Connection Library.

The sponsor sends the completed letter, with an attached conceptual network topology diagram, to the appropriate SM. The purpose of the conceptual network topology diagram is to provide the SM enough information to determine if their network/service is appropriate for the partner's mission. A detailed topology diagram is required in the CAP package.

The DISN SM reviews the Non-DoD Connection Validation Letter and network topology to determine whether the proposed DISN solution is appropriate.

Concurs with Solution

If the SM concurs with the request, the SM will sign the letter and return it to the validating CC/S/A.

Non-Concurs with Solution

If the SM non-concurs with the proposed solution, the request will be returned to the sponsor with comment, or routed to another SM (after notifying the sponsor) if a different network/service solution is more appropriate for the mission.

The CC/S/A will review the sponsor’s request letter and either validate or reject the request.

CC/S/A Validated Request

If the CC/S/A validates the request, the representative will sign the letter and submit it to the DOD CIO for DISN access approval (with a copy to the sponsor).

CC/S/A Rejected Request

If the CC/S/A/FA POC rejects the request, it will be returned to the sponsor without action (with a copy to the appropriate SM) and the connection request process ends at this point.

GIG Waivers/Connection Approval office in the DoD CIO, Governance Directorate will evaluate the connection request and either approve or deny access to the DISN in support of the sponsor’s mission.

Approved Request

If DoD CIO approves the request to access the DISN, the representative will sign and forward the request letter to the DoD sponsor (with a copy to the CC/S/A POC, DSS and DISN SM).

Denied Request

If DoD CIO does not approve the request, the representative will return the request letter to the DoD sponsor without action (with a copy to the CC/S/A POC and DISN SM), and the connection, as proposed, will not be allowed.

After the appropriate network/service has been identified and applicable approvals are received, the partner/sponsor initiates a request for service fulfillment through the DDOE process. This is the ordering tool for DISN telecommunications services. The DDOE website is: https://www.disadirect.disa.mil/products/asp/welcome.asp.

In the event the service request qualifies as an Emergency or Essential National Security/Emergency Preparedness (NS/EP) telecommunications service, there is an expedited process available, both for service fulfillment and for connection approval.

In parallel, or shortly after initiating the request for service through DDOE, the partner/sponsor should begin the C&A process for the IS/enclave for which a connection to the DISN is required.

Non-DoD partner connections to the DISN require the completion of an approved C&A process (e.g. ICD 503, DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), 28 February 2006, DIACAP, or other equivalent C&A process).

Mission partner sponsors are required to register the connection information (new or legacy) within the following applicable systems/databases (see appendix of desired network/service for details.

Once the DDOE process has been completed with the receipt of a Command Communications Service Designator (CCSD), the sponsor is required to register the IS information (IP address ranges, hosts, POCs, etc.) in the appropriate databases based on classification of the connection:

• Network Information Center (www.nic.mil) for all unclassified connections
• SNAP (https://snap.dod.mil) for:
• Voice, video, data circuit registrations and connections to unclassified networks/services
• OSD GIG Waivers for Internet Service Provider registrations (Appendix H)

or

• SIPRNet Support Center (www.ssc.smil.mil) for all classified connections
• GIAP/SGS (https://giap.disa.smil.mil/gcap/home.cfm) for:
• Voice, video, and data circuit registrations and connections to classified networks/services

and

• Ports, Protocols, and Services Management (PPSM) (https://pnp.cert.smil.mil) on SIPRNet for all networks/systems ports, protocols, and services for all IP solutions or applications, including Voice over Internet Protocol (VoIP) and Voice over Secure Internet Protocol (VoSIP)

DoD policy requires that sponsors register the IS information in the DoD Information Technology Portfolio Repository (DITPR) at https://ditpr.dod.mil. An enclave/network may also be registered in the SIPRNet IT Registry, by first requesting an account to the application at https://arm.osd.smil.mil.

Once you have an account, the link to the SIPR IT Registry is: http://osdext.osd.smil.mil/sites/dodcio/itregistry/default.aspx.

CC/S/A may have internal databases that need to be updated with connection information. Check with your CC/S/A for additional requirements.

The Mission Partner connection requests are submitted to the CAO in the form of a CAP package. This package provides the CAO the information necessary to make a connection approval decision. CAP packages should be submitted at least 30 days prior to the desired connection date for new connections. The following documents are minimum requirements for the CAO to analyze a CAP package (see the appropriate network/service appendix for additional requirements):

• Non-DoD Partner connections to the DISN require the completion of a C&A process. In all cases, C&A document and artifact submissions must provide IA status information equivalent to the DIACAP Executive Package.
• DIACAP Executive Package (DIACAP Scorecard) or equivalent
• System Identification Profile (SIP)
• IT Security POA&M, if required
• Detailed Topology Diagram (not a DIACAP artifact, however it is required for Connection Approval)
• DoD contractor connection to DISN:
• For Unclassified connections, use DIACAP (the sponsoring DoD component has responsibility for all DAA actions)
• For Classified connections, use DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), 28 February 2006 (ref p) ; the Defense Security Service (DSS) has responsibility for all DAA actions; see the DSS-DISA MOA for further specifics regarding non-DoD classified connections.

• For non-DoD and non-IC federal departments and agencies:

• For an IS not categorized as a National Security System (NSS), use National Institute of Standards and Technology (NIST) SP 800-37 Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, February 2010 (ref r)

• For an IS categorized as an NSS, and IAW CNSS Instruction No. 1253 Security Categorization and Control Selection for National Security Systems, October 2009 (ref o), refer to CNSSI 4009 National Information Assurance Glossary, June 2006, for the definition of an NSS.

NOTE: For other non-DoD entities, the C&A process requirements and inputs will be reviewed on a case-by-case basis. Coalition and allied mission partners will follow their established national C&A process.

• DAA Appointment Letter - must be included if there is a new DAA or if the information is not already on file in the Connection Approval Office (CAO).  The letter must appoint an official specifically by name, not the office to which the managerial official is assigned.  If the DAA has delegated signature authority to an authorized official, written evidence of a delegation action must be provided to the CAO prior to the acceptance of any CAP package documentation.
• Consent-to-Monitor (CTM) – this is the agreement signed by the DAA granting DISA permission to monitor the connection and assess the level of compliance with IA policy and guidelines. CTM supports electronic monitoring for communications management and network security, which includes site visits, compliance inspections, and remote vulnerability assessments to check system compliance with configuration standards. It is recommended that DAAs provide blanket CTM for the type IS's (e.g., SIPRNet CCSDs, NIPRNet CCSDs, and/or DSN voice switches) under their authority to be kept on file in the CAO.
• Residual Risk memorandum template. This document must be completed and signed by the contractor.
• DoD CIO approval letter.
  

Account Registration for the SNAP (Unclassified) and SGS (Classified) Database 

CAP packages for connections will be uploaded by the partner in the SNAP (unclassified) or SGS (classified) database.  In order to submit a CAP package, you must register for an account.

SNAP (Unclassified)

• Request a SNAP account
• Go to  https://snap.dod.mil/gcap/home.cfm
• Click on “request a SNAP account”
• Upload a completed signed DD Form 2875 System Authorization System Request (SAAR). The 2875 can be downloaded from SNAP.
• Complete section 13 of the 2875, “Justification for Access” by specifying the SNAP module and user role for your CC/S/A.
• Complete your profile data, asterisked item are required fields.
• Click “Submit Request” for approval

SGS (Classified)

• For classified connections go to https://giap.disa.smil.mil/gcap/home.cfm
• Click on “request a SGS account”
• Upload a completed signed DD Form 2875 SAAR.  The 2875 can be downloaded from the SGS website.
• Complete section 13 of the 2875, “Justification for Access” by specifying the  SGS module and user role for your CC/S/A.
• Complete your profile data, asterisked items are required fields.
• Click “Submit Request” for approval
• Once the account is approved, proceed with the creation/registration of the connection to include the submittal/upload of the DIACAP executive package artifacts once your local DIACAP C&A is completed.

Registration and Submittal Process for Unclassified and Classified Packages

SNAP (Unclassified)

• Logon to SNAP: https://snap.dod.mil/gcap/home.cfm
• Hover the mouse over "NIPR" and select "New Registration" 
• Complete all required fields of Sections0-6 of the NIPR Checklist (Sections with a locked icon are reserved for use by CAO Analyst).
• Upload Attachments for your DIACAP executive package artifacts in Sections 7.1 through 7.6 as applicable.  Please note: Only Sections 7.1 through 7.5 require the upload of attachments.
• Once all sections are completed,  a submit button at the bottom of the screen will be available in order to submit the entire registration.

NOTE: For 24/7 SNAP assistance; contact the DISN Global Support Center – (800) 554-3476

 
SGS (Classified)

• Logon to SGS: https://giap.disa.smil.mil/gcap/home.cfm
• Hover the mouse over "GIAP" and select "New Registration" 
• Complete all required fields of Sections 0-9 of the GIAP Checklist (Sections with a locked icon are reserved for use by CAO Analyst).
• Upload Attachments for your DIACAP executive package artifacts in Sections 9.1 through 9.10 as applicable.
• Once all sections are completed, a submit button at the bottom of the screen will be available in order to submit the entire registration.

Upon receipt of the CAP package, the CAO reviews the contents for completeness. In the event an incomplete package is received by the CAO, the package will be rejected and no CAO tracking number assigned. The partner will receive notification of a rejected package to include what documentation is missing from the package. Typically, when all the connection approval requirements are met an ATC or IATC will be issued within eight (8) business days.

As an integral part of the process, the CAO assesses the level of risk the partner's IS or network enclave poses to the specific DISN network/service and to the GIG community at large. The identification of IA vulnerabilities or other non-compliance issues and the responsiveness of the affected enclave in implementing appropriate remediation or mitigation measures against validated vulnerabilities will have a direct impact on the risk assessment, and subsequently on the connection approval decision.

The following are some of the indicators that would contribute to the assessment of an elevated risk:

• Missing, incomplete, or inaccurate CAP package input (because unknowns lead to a lower level of confidence in the IA status of the partner IS/enclave).
• Unsatisfactory results during remote compliance monitoring/vulnerability assessment where policy compliance is reviewed.

If the risk is "low" or "medium," the CAO will issue an ATC or IATC. A "medium" risk assessment will cause the CAO to monitor more closely the IA status of the IS/enclave during the connection life cycle. "Low" risk assessments will not affect a new connection request.

An ATC/IATC will normally authorize the partner to remain connected to the DISN network/service defined in the connection approval, up to the accreditation decision ATD. The results of the risk assessment may warrant the issuance of a connection approval decision with a validity period shorter than that of the accreditation decision ATD. In such cases, the CAO will provide justification to the DAA for the shorter validity period.

If the CAO assesses a "high" risk, it will provide the DAA the justification for the assessment and inform the DAA that current guidance (i.e., policy, DSAWG decision, STIGs, etc.) from DISN/GIG DAAs precludes the issuance of an ATC without additional review of the IS/enclave IA status by the community accreditation bodies.

Connection Approval

If the connection request is approved, the partner is issued an ATC or IATC. The validity period is specified in the ATC/IATC letter. After the connection is approved, the partner must work with DISN Implementation to complete the installation of the circuit. The connection approval is valid until the expiration date. The DAA must notify the CAO of significant changes, such as architecture changes requiring re-accreditation, movement of the IS enclave to a new location, changes in risk posture, etc., that may cause a modification in the IA status of the system/enclave or if the connection is no longer needed.

Denial of Approval to Connect

If the connection request is rejected, the CAO will provide the partner a list of corrective actions required before the connection can be approved. The process will restart at Section 5.9.