COMDTINST 5230.67
(5) Collaborating with the Sponsor's Representative, SSA, and the Asset Manager to refine
employed IA practices.
(6) Developing and submitting technical proposals to implement IA changes, as appropriate.
h. System Support Agent (SSA). The SSA is the individual, unit, firm, agency, or organization that
performs, or has responsibility for, the maintenance, support, and availability of C4&ITsystems.
The SSA participates in all aspects of IA. The SSA has the following IA responsibilities:
(1) Coordinating IA system activities from the implementation phase through the remainder of
the life cycle.
(2) Supporting the SDA and other IA stakeholders as a technical advisor for IA issues, from the
field perspective, throughout the life cycle.
(3) Developing a set of metrics to determine the continued validity of IA for a given system or
service. The SSA provides these measurements to the Asset Manager.
(4) Providing competent technical authority for identifying, developing, and resolving support
requirements associated with IA changes.
(5) Collaborating with the Sponsor's Representative, SDA, and the Asset Manager to define
support requirements and support solutions.
i. User. The user is the individual, unit, or organization that interacts with and uses C4&IT
systems or services to accomplish work, execute missions, or deliver products and services to
Coast Guard members and external customers. The user provides feedback on existing C4&IT
systems, suggests enhancements to existing C4&IT systems, or identifies new system
requirements via the Sponsor's Representative.
j. Customer. A customer is any person or organization that benefits from C4&IT systems or
services. An internal customer is a person or organization inside the Coast Guard for which the
C4&IT system or service is being provided. An external customer is a person or organization
outside the Coast Guard for which the C4&IT product or service is being provided. The
customer provides feedback on existing C4&IT systems, suggests enhancements to existing
C4&IT systems, or identifies new system requirements via the Sponsor's Representative.
k. Stakeholder. For IA, a stakeholder is any person, group, or organization (e.g., customers;
employees; suppliers; owners; Office of Management and Budget, DHS, or other agencies; and
Congress) that can place a claim on, or influence, a C4&IT asset, is affected by that asset, or has
a vested interest in or expectation for the asset. The stakeholder provides feedback on existing
C4&IT systems, suggests enhancements to existing C4&IT systems, or identifies new system
requirements via the Sponsor's Representative.
l. Designated Accrediting Authority (DAA). The DAA is a senior management official
responsible for approving the operation of a C4&IT system at an acceptable level of risk. The
DAA issues (or withdraws) the Authority to Operate a system. The DAA may issue an Interim
Authority to Operate when a mitigation strategy has been developed and funded and risk exists.
The DAA shall be an Assistant Commandant, Area, or Maintenance and Logistics Command
(MLC) Flag Officer or Senior Executive Service employee. The duties of the DAA may be
delegated to an O-6, GS-15, or above and will not be delegated below this level without written
approval from the CIO.
m. Certifying Authority (CA). The CA shall be assigned to each C4&IT system or activity. The
CA is responsible for documenting the IA posture (e.g., security plan, POA&M, DR Plan,
5
Previous Page
