Defense Security Service (DSS) Security vulnerability assessment (SVA)
Required Annual Inspections
Industry locations with active SIPRNet circuits are required to have a Security Vulnerability Assessment (SVA) annually. These vulnerability inspections use the inspection methodology of the Office of Designated Approving Authority (ODAA) and they include assessments of required self-inspection documentation, safe inspections, staff interviews, and inspections of Information Systems (IS), as applicable. SIPRNet systems are required to meet electronic and documentation standards for ODAA and the DISA Security Technical Implementation Guides (STIGs).
As the NISPOM and DSS’s A&A processes change with the release of the new DSS Assessment and Authorization Process Manual (DAAPM), organizations often find themselves behind the power curve preparing for inspections. DSS sites are often faced with shrinking budgets, staffing constraints, and turnover in key personnel. With regular assessments, organizations gain increased situational awareness, reduce preparation time and inspection costs, and most importantly, minimize the risk of failure.
SecureStrux’s SVA assessment and assistance service is accomplished alongside your staff in three hands-on phases:
- Measure – Results against the current self-inspection handbook to gain a thorough understanding of your review of your self-inspection.
- Assess – Validate implementation process, procedures and technical configurations against your completed self-inspection and identify discrepancies.
- Improve – Provide recommendations for process improvements and efficiencies, including hands-on implementation assistance and training to maintain compliance.
Maximize Your SVA Score
SecureStrux understands the SVA inspection methodologies and has firsthand experience in preparing for and participating in the SVA inspection process. We have the technical expertise to provide not only a current SVA assessment, but can assist with the configuration, remediation and implementation of hardware and software settings to provide a secure and compliant security posture. By providing an organization with a thorough understanding of the inspection framework, we can help ensure your documented processes and procedures match the implemented requirements to avoid inadvertent inaccuracies.
Adding a third-party, independent review to your annual inspection cycle can also grant you bonus points during your SVA. Partner with SecureStrux today to maximize your SVA score, ensure your environment is inspection-ready, and minimize your findings during your next DSS SVA.