DISN Connection Process Guide

SIPRNET - CLASSIFIED

The following provides the necessary steps and information for a Secret Internet Protocol Router Network (SIPRNet) connection. This is intended to supplement information provided in the Partner Profile sections of this guide. Any deviations from those or additional requirements are identified in this appendix.

SIPRNet Connection Process Checklist

This checklist provides the key activities that must be performed by the partner/sponsor during the SIPRNet connection approval process.

Item | DoD Partner (New, Existing) | Non-DoD Partner (New, Existing)

  • Obtain OSD approval for non-DoD connection [5]
  • Provision the connection
  • Perform the C&A process
  • Obtain an accreditation decision (ATO/IATO)
  • Register the connection [6]
    • Register in the GIAP/SGS database
    • Register in the PPSM database
    • Register in the SIPRNet IT Registry database
    • Register with the SIPRNet Support Center (SSC)
  • Complete the CAP package
    • DIACAP Executive Package (or equivalent for non-DoD entities)
    • DIACAP Scorecard
    • System Identification Profile
    • Plan of Actions and Milestones, if applicable
    • DAA Appointment Letter
    • Network/Enclave Topology Diagram
    • Consent to Monitor
    • Proof of Contract
    • DoD CIO Approval Letter
  • Submit the CAP package to the CAO
  • Receive remote compliance scan
  • Receive SIPRNet ATC/IATC

5 This step is not required for reaccreditation Non-DoD Partner connections unless there has been a change in Sponsor, mission requirement, contract, or location.
6 This step is not required for reaccreditation connections that are already registered and all information is current.

 

Process Deviations and/or Additional Requirements

DoD Contractor connections to the SIPRNet must go through DSS for accreditation of their facilities and information systems. For questions regarding DSS accreditation, contact the DSS SIPRNet Program Management Office at occ.cust.serv@dss.mil or by phone at 888-282-7682, Option 2.

The CAO review of the SIPRNet CAP package for new connections includes an on-line remote compliance assessment. This is a vulnerability scan of the IS requesting SIPRNet connection, performed by the CAO, to identify possible vulnerabilities that exist within the IS. The results are used during the connection approval decision-making process.

IATT Process Checklist

To be completed PRIOR to an initial scan for ATC/IATC issuance:
1. Equipment installed, configured, and turned on.
2. 72 hr. burn-in completed by IT&A.
3. Per CTO 07-09, SIPRNet Connection Approval Office (SCAO) "Announced" IP Address configured in the firewall(s) and router(s) ACL to allow access for inbound and outbound traffic.
4. At least (1) server, workstation, or laptop with at least (1) port, protocol or service enabled. (Please refer to PPSM for allowed ports and protocols: disa.meade.ns.mbx.ppsm@mail.mil)
5. HBSS disabled for initial scan, or SCAO's "Announced" IP Address added to the HBSS allowed IPs.
6. Windows firewall disabled on the target system(s) for the initial scan.

Points of Contact

SIPRNet Support Center (SSC)
Unclassified email hostmaster@nic.mil
Phone (Commercial) 800-582-2567
Phone (DSN) 312-850-2713
Fax (Commercial) 614-692-3452
Fax (DSN) 312-850-3452
Website www.ssc.smil.mil

DISN Classified IP Lead
Phone (Commercial) 800-554-3476

CAO Remote Compliance Monitoring Contact Information
NIPR Scan Email disa.meade.ns.mbx.caoscans@mail.mil
SIPR Scan Email disa.meade.ns.mbx.caoscans@mail.smil.mil

Phone (Commercial) 301-225-2902
Phone (DSN) 312-375-2902

IT&A Contact Information
Phone (Commercial) 618-220-9041

SIPR NOC Contact Information
Phone (Commercial) 618-220-9980

Additional Policy and Guidance Documents

Cross Domain Solutions (CDS) are a special case of the SIPRNet connection process. Please refer to the CDS Process (Appendix K) for more information.

Sample SIPRNET Topology

Network Topology Diagram – this diagram depicts the network topology and security posture of the partner IS or network enclave that will be connecting to the DISN. The Network Topology Diagram should:

  • Be dated
  • Clearly delineate accreditation boundaries
  • Identify the CCSDs of all connections to the DISN
  • Identify equipment inventory (to include the most recent configuration, including any enclave boundary firewalls, Intrusion Detection Systems (IDS), premise router, routers, switches, backside connections, Internet Protocol (IP) addresses, encryption devices, and Cross Domain Solutions (CDS))
  • Show other SIPRNet connections (access points), including the flow of information to, from, and through all connections, host IP addresses, and CCSD number, if known
  • Identify any other IA or IA-enabled products deployed in the enclave
  • Identify any connections to other systems/networks
  • Identification of other connected IS/enclaves must include:
    • The name of the organization that owns the IS/enclave
    • The connection type (e.g., wireless, dedicated point-to-point, etc.)
    • IP addresses for all devices within the enclave
    • The organization type (e.g., DoD, federal agency, contractor, etc.)
    • Identify Internetworking Operating System (IOS) version
    • Include the model number(s) and IPs of the devices on the diagram; diagram must show actual and planned interfaces to internal and external LANs or WANs (including backside connections)

NOTE: In accordance with DoD and DISA guidance, firewalls, IDSs and Wireless-IDSs (where applicable) are required on all partner enclaves. Private IP addresses (non-routable) are not permitted on SIPRNet enclaves. Indicate and label all of the devices, features, or information; minimum diagram size: 8.5" x 11".

The IA and IA-enabled products must be in the DoD UC Approved Products List and can be found at the DISA APLITS web page: https://aplits.disa.mil.

NOTE: All topologies MUST include IP addresses and ranges. See the NIPR/SIPR Enterprise Connection Division Topology Example.
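
A pre-submission check of the device inventory behind a topology diagram can catch gaps against the requirements listed above before the CAP package goes to the CAO. The following is an added example, not DISA tooling or part of the original guide; the inventory layout and field names are hypothetical, "private (non-routable)" is assumed to mean the RFC 1918 ranges, and the sample addresses, models and CCSD are constructed placeholders.

```python
import ipaddress
from datetime import date

# Assumption: "private (non-routable)" is read as the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REQUIRED_ROLES = {"firewall", "ids"}  # required on all partner enclaves per the NOTE

def lint_topology(topo):
    """Return a list of findings; an empty list means no gaps were detected."""
    findings = []
    if not isinstance(topo.get("dated"), date):
        findings.append("diagram is not dated")
    if not topo.get("ccsds"):
        findings.append("no CCSD identified for the DISN connection")
    devices = topo.get("devices", [])
    for role in sorted(REQUIRED_ROLES - {d.get("role") for d in devices}):
        findings.append(f"no {role} shown in the enclave")
    for d in devices:
        name = d.get("name", "<unnamed>")
        if not d.get("model"):
            findings.append(f"{name}: model number missing")
        if not d.get("ips"):
            findings.append(f"{name}: no IP address listed")
        for raw in d.get("ips", []):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append(f"{name}: {raw!r} is not a valid IP address")
                continue
            if any(addr in net for net in RFC1918):
                findings.append(f"{name}: private address {addr} not permitted")
    return findings

# Constructed sample inventory (hypothetical field names, placeholder values).
SAMPLE = {
    "dated": date(2014, 1, 15),
    "ccsds": ["CCSD-PLACEHOLDER"],
    "devices": [
        {"name": "premise-router", "role": "router", "model": "MODEL-A", "ips": ["198.51.100.1"]},
        {"name": "boundary-fw", "role": "firewall", "model": "MODEL-B", "ips": ["198.51.100.2"]},
        {"name": "file-server", "role": "server", "model": "", "ips": ["192.168.10.5"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_topology(SAMPLE):
        print("FINDING:", finding)
```
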