Part N. Nonsensitive
No accreditation is required for a computer which has been designated as Nonsensitive. However,
this designation must be approved in writing by an appropriate US1 or US2 accreditation authority.
The reason for this approval is to make sure that the computer is in fact Nonsensitive. Since
accreditation is not required, some units might be tempted to designate all their computers
Nonsensitive, just to get out of having to worry about accreditation.
To finish our discussion of the designated accreditation authorities, there are three things to note:
No further delegation: Except for the delegation discussed above, accreditation authority may not be
further delegated. For example, if the MACOM commander delegates CS2 authority to a general who
is a division commander, the division commander may not pass this authority along to a second
general, like the assistant division commander. Only the MACOM commander s authorized to
delegate accreditation authority.
Delegation in writing: Delegation of accreditation authority must be in writing, such as in a
memorandum signed by the MACOM commander. The delegation of accreditation authority can be by
name or by position title. A MACOM commander can issue a memorandum delegating CS3
accreditation authority to a Colonel by name o to a Colonel by his position title of Commander, 2d
Brigade, 52d Infantry Division.
Also DAA for any lower levels: The DAA for a particular sensitivity level is also authorized to accredit
a system at any lower sensitivity level. For example, a DAA for CS3 is also a DAA for US1 and US2,
and may approve the designation of Nonsensitive. This holds true for all the DAA for all the sensitivity
Part O: Preparing the Accreditation Document/Security Plan
You request a security clearance by filling out and submitting a bunch of forms to the United States
Army Personnel Central Clearance Facility (CCF), including a Standard Form (SF) 86. The SF 86
gives personnel at CCF enough information about you to decide if you can be trusted with a security
clearance and access to classified information. Accreditation is authorization for a computer to
process information at a particular sensitivity level, using a prescribed set of security safeguards.
Appendix C, AR 380-19 provides the sample format for the "Accreditation Document/Security Plan"
which describes that "prescribed set of security safeguards."
The accreditation document/security plan is just that; a very detailed description of exactly what the
unit plans to do with its computers and how it intends to protect those computers and the information
they will process from unauthorized disclosure, modification, and destruction. It describes the
computer and the security safeguards which will protect the computer and the information processed.
The accreditation document/security plan is normally prepared by the ISSO, and is forwarded to the
DAA along with the commanders request for accreditation. The DAA will review the accreditation
document/security plan to determine if security is adequate and if the system win be accredited. If
the DAA decides that security is T adequate, he will not accredit the computer and will return the