INSTRUCTIONS
Aggregation of all data, plus the potential impact and
likelihood of a security issue arising from mishandling
or misuse of that data, should factor in the assessment
of all decisions within the ITCSC.
1. System Identification Information
System Name: The name of the Information Technology
(IT) entered here MUST match the Investment Name being
entered during IT Investment Portfolio System (ITIPS)
registration
System Acronym: The same acronym entered in ITIPS as
the Investment Acronym
Version: Version number of the system
ITIPS ID, DITPR, or eMASS ID numbers may be
required if:
• Previous IT registration in ITIPS or eMASS
exists.
• You are following the Assess Only Process
and integrating a product into a host
environment (i.e. the product is a PIT
subsystem).
See Ref: (m) for more information.
2. Technical Description/Purpose
Provide a general technical description of the function and
purpose of the proposed IT. This description should tell the
story of who, what, where, when, why, and how the IT
supports the warfighter and/or other IT. Consider the
following when filling out this section:
• What is the purpose of the IT?
• Is the IT mission essential to the warfighter?
• What are the major hardware/software components of
the IT?
• What services are provided by the IT, and are any of
those services publicly accessible (can anyone access
information contained on the IT without needing
authorization)?
• How will each of the Information Types be stored,
processed, and/or transmitted by the IT?
• If the IT is undergoing a significant modification,
describe the modification and its purpose, otherwise
ignore this requirement.
3. Authorizing Official & Authorization Boundary
A listing of AOs and AO boundary descriptions can be
found on the Air Force Risk Management Framework
(RMF) Knowledge Service (KS) at:
https://rmfks.osd.mil/rmf/collaboration/Component%20Wo
rkspaces/AirForce/Pages/default.aspx
4. System Operational Status
Operational - The IT has satisfied program requirements
and achieved Initial Operating Capability (IOC) or Full
Operating Capability (FOC)
Under Development - The IT is in the design/development
phase and has not entered final production/operation.
Major Modification - The IT is undergoing a necessary
modification to improve performance and reduce
ownership costs, consistent with the limitations prescribed
in 10 U.S.C 2244a
5. Describe the IT Authorization Boundary
Provide a narrative that clearly describes the IT system
boundary, as well as any external interfaces or information
exchanges (removable media, RF, Ethernet, Wi-Fi etc.) that
would cross that boundary. If the IT is standalone (no
external interfaces), then clearly state that in this section.
Required DoDAF Artifact: If external interfaces exist, the
follow-on requirement is to generate a detailed and
comprehensive boundary drawing (DoDAF OV-1 and
SV-1) and post it to eMASS as an artifact during or
subsequent to initial registration.
6A. Intelligence Overlay
Does the IT process, store, or transmit Intelligence,
Surveillance, or Reconnaissance (ISR)?
See Ref: (e) for more information.
6B. Cross Domain Solution Overlay:
Will you implement, manage, or maintain a Cross Domain
Solution?
See Ref: (d) for more information.
Page 8 of 10