Who determines whether an information system is an NSS?
Committee on National Security Systems () Policy No. 6, National Policy on Certification and Accreditation of National Security Systems, 1 October 2005 states “All federal government departments and agencies 2 shall establish and implement programs that mandate the certification 3 and accreditation4 of NSS under their operational control.” A Primary Accrediting Authority’ (PAA) or “Designated Accrediting Authority'” (DAA) is authorized to accredit a system. Based on the above reference, the organization’s PAAs or DAAs 5 can designate a system as a NSS provided the system meets the criteria outlined in Title 44, U.S. Code Section 3543(b)(2), Federal Information Security Management Act, Title III, Public Law 107-347, December 17, 2002.
