DCSA Assessment and Authorization
Process Manual - pg 3 -
Who is the AO? - answer Senior official or executive with the responsibility for operating
a system an an acceptable level of risk to everyone
What are the AO's responsibilities? (E and E) - answera. Ensure each system is
assessed and authorized properly
b. Evaluate threats and vulnerabilities to determine the need for additional safeguards
What are the AO's responsibilities? (I and V) - answerc. Issue security authorization
decisions
d. Verify records
What are the AO's responsibilities? (C and E) - answere. Confirm system security is an
element of the life cycle process
f. Ensure guidance for secure system operations is provided to cleared contractors as
necessary
What are the AO's responsibilities? (C and R) - answerg. Coordinate cyber incident
responses related to classified systems
h. Review and approve ISA and MOU/A associated with systems processing classified
information
Who is the SCA? - answerISSP appointed by AO to act on their behalf to oversee
cleared contractors' systems
What are the SCA's responsibilities? (C and R) - answera. Conduct a comprehensive
assessment of management, operational, and technical security controls to determine
overall effectiveness
b. Review Risk Assessment Report(s) and provide feedback to ISSM about
completeness
What are the SCA's responsibilities? (A and P) - answerc. Assess severity of any
weaknesses discovered in systems and recommends corrective actions to identified
vulnerabilities
d. Provide advice and assistance as needed
What are the SCA's responsibilities? (E and E) - answere. Evaluate threats and
vulnerabilities to systems to determine need for additional safeguards
f. Ensure security assessments are completed for each system
Process Manual - pg 3 -
Who is the AO? - answer Senior official or executive with the responsibility for operating
a system an an acceptable level of risk to everyone
What are the AO's responsibilities? (E and E) - answera. Ensure each system is
assessed and authorized properly
b. Evaluate threats and vulnerabilities to determine the need for additional safeguards
What are the AO's responsibilities? (I and V) - answerc. Issue security authorization
decisions
d. Verify records
What are the AO's responsibilities? (C and E) - answere. Confirm system security is an
element of the life cycle process
f. Ensure guidance for secure system operations is provided to cleared contractors as
necessary
What are the AO's responsibilities? (C and R) - answerg. Coordinate cyber incident
responses related to classified systems
h. Review and approve ISA and MOU/A associated with systems processing classified
information
Who is the SCA? - answerISSP appointed by AO to act on their behalf to oversee
cleared contractors' systems
What are the SCA's responsibilities? (C and R) - answera. Conduct a comprehensive
assessment of management, operational, and technical security controls to determine
overall effectiveness
b. Review Risk Assessment Report(s) and provide feedback to ISSM about
completeness
What are the SCA's responsibilities? (A and P) - answerc. Assess severity of any
weaknesses discovered in systems and recommends corrective actions to identified
vulnerabilities
d. Provide advice and assistance as needed
What are the SCA's responsibilities? (E and E) - answere. Evaluate threats and
vulnerabilities to systems to determine need for additional safeguards
f. Ensure security assessments are completed for each system
