From DoD Directive 8500.1, Oct 24, 2002, Information Assurance:
4.15. All DoD information systems shall comply with DoD ports and protocols guidance and management processes, as established.
From DoD Instruction 8550.bb (DRAFT), Ports and Protocols Management (PPM):
4.1. DoD information systems that traverse a DoD enclave boundary shall employ only ports, protocols and services (PPS) that have been approved by the DISN Security Accreditation Working Group (DSAWG) for use across the Global Information Grid (GIG).
Subsequent to publication of DoD D 8500.1, and in expectation of issuing DoD I 8550 as final guidance, the DoD Chief Information Officer (CIO), who is also the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASD C3I), released two policy memoranda on Ports & Protocols:
In the January 28 memorandum, the ASD C3I gave responsibility for executing the boundary security aspects of the PPMP to the Joint Task Force - Computer Network Operations (JTF-CNO).
The JTF-CNO is the lead DoD agent for the operational defense of the DoD GIG. In this role, the JTF-CNO performs a variety of activities designed to fuse technical, operational, law enforcement/counter intelligence (LE/CI) and intelligence assessments of computer network incidents. The JTF-CNO also coordinates, and if necessary, directs DoD response actions to an identified attack in order to limit the scope and/or impact of an attack. JTF-CNO takes actions to restore network functionality as necessary. Finally, the JTF-CNO will plan the implementation of Computer Network Defense (CND) Response Actions to deter and defeat future computer network attacks. The JTF-CNO operations are coordinated with the Services, Combatant Commands, DoD Agencies, DoD Field Activities, Joint Staff/Secretary of Defense, local law enforcement agencies, and the Department of Homeland Security. JTF-CNO directive authority flows from the Commander, US Strategic Command (CDRUSSTRATCOM).
The ultimate authority for approving use of PPS across the Global Information Grid (GIG) in accordance with DoDD 8500.1 and DoDI 8550.bb resides with the four Defense Information Systems Network (DISN) Designated Approving Authorities (DAAs). The DISN DAA decision process is the structure of procedures, supporting groups, and systems that lead to final approval or disapproval by the DAAs. That structure includes the DISN Flag Panel, the DSAWG, the Configuration Control Board (CCB), the Technical Advisory Group (TAG), and the PPMP Manager.
From DoDD 8500.1:
E2.1.13. Designated Approving Authority (DAA). The official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with Designated Accrediting Authority and Delegated Accrediting Authority.
E2.1.14. DISN Designated Approving Authority (DISN DAA). One of four DAAs responsible for operating the DISN at an acceptable level of risk. The four DISN DAAs are the Directors of DISA, DIA, NSA and the Director of the Joint Staff (delegated to Joint Staff Director for Command, Control, Communications, and Computer Systems (J-6)).
The DISN DAAs:
From the DSAWG Charter:
The Defense Information Systems Network (DISN) Flag Panel is composed of military O7 (i.e., Flag rank officers) or equivalent civilian rank from the DISN DAA organizations. The DISN Flag Panel:
From the DSAWG Charter:
The Defense Information Systems Network (DISN) Security Accreditation Working Group (DSAWG) is the first accreditation or accreditation review level for the transport, network management, and network segments of the DISN for the Department of Defense (DoD) Global Information Grid (GIG). The DSAWG operates under the direct guidance of the DISN Flag Panel, and the general guidance of the DISN DAAs. The DSAWG:
From the CCB Charter (draft):
The CCB provides a DoD forum for determining the acceptable risk associated with the use of specific ports, protocols and services by Automated Information Systems (AISs) operating on DoD unclassified and Secret Internet Protocol Router Network (SIPRNET) networks. The PPMP CCB shall be an O-6/GS-15 level group chaired by the Defense Information Assurance Program (DIAP). Voting representatives to the CCB are DIAP (Chair), USA, USN, USMC, USAF, Joint Staff/J6, NSA, DISA, ICIO, JTF-CNO, ASD(C3I), USD(AT&L) (DLA), USD(P&R), and USD(C) (DFAS).
From the TAG Charter (draft):
The TAG supports the security risk and risk mitigation aspects of the Ports and Protocols Management Process (PPMP). Specifically, the TAG evaluates all uses of ports and protocols within DoD, reviews and maintains Ports and Protocols Security Technical Guidance (standard use), and reports to the CCB TAG recommendations, products, and any internal TAG issues and disputes.
The core members forming the TAG are technical subject matter experts from each DoD Component member of the CCB. A representative from any other Defense Component may also participate as a voting TAG member.
From http://www.c3i.osd.mil/org/sio/ia/diap/faq.html:
The Defense-wide Information Assurance Program, established in January 1998, is the Office of the Secretary of Defense (OSD) mechanism to plan, monitor, coordinate, and integrate IA activities. The DIAP will act as a facilitator for program execution by the Commanders-in-Chief (CINCs), Military Service and Defense Agencies. The DIAP Staff combines functional and programmatic skills for a comprehensive Defense-wide approach to IA. The Staff's continuous development and analysis of IA programs and functions will provide a "big picture" of the Department's IA posture that identifies redundancies, incompatibilities and general shortfalls in IA investments, and deficiencies in resources, functional and operational capabilities.
What is the Relationship Between the DIAP and the DOD Chief Information Officer (CIO)?
The Department's implementation of the Clinger-Cohen Act (Information Technology Management Reform) assigns the DoD CIO responsibility for ensuring information technology and information resources meet operational requirements. Presidential Decision Directive 63, Critical Infrastructure Protection, expands CIO responsibility to include IA. The DIAP is the DoD CIO's mechanism for achieving his Defense-wide IA responsibilities.
The PPMP Manager is a technical and administrative support office in DISA providing full time support to the CCB Chair, the CCB, and the TAG. The PPMP Manager facilitates communications among the PPMP participants, maintains PPMP records, and maintains the Ports & Protocols Management System (PPMS).