DISS serves as the system of record for personnel security, suitability, and credential management of all DOD employees, military personnel, civilians and DOD contractors. DISS also provides secure communications between Adjudicators, Security Officers, and Component Adjudicators in support of eligibility and access management.
Detailed information on how to request a DISS account, including clearance requirements, PKI certificates, and mandatory training will be posted in the DISS Account Management Policy and/or Account Request Procedure guides on the DISS website.
A minimum of interim secret eligibility is required to access DISS. Account Managers within each Component/Agency/Company will determine the specific DISS customer user base and assign user roles based on Component/Agency/Company guidance and responsibilities.
Each DISS user will be required to have a Public Key Infrastructure (PKI) certificate smartcard/token in the form of a Common Access Card (CAC), Personal Identity Verification (PIV) card, or authorized External Certificate Authority (ECA) certificate
Yes, the registration process has to be completed every time you get a new or replacement CAC or PIV. The Hierarchy/Account Manager will need to generate a new password. The pre-established registration user id and the newly generated password should be sent to the user. Thereafter, the user should re-register using the steps outlined below. o Select their Certificate.
o Click on the login button and you will be redirected to the User Registration Page.
o Enter the pre-established user id and the newly generated password and click register.
Each DISS user will be required to have a Web browser with Internet Explorer 10 or above, Firefox 11 or above. Each browser must maintain 128-bit security (SSL) encryption.
RRUs have become customer service requests (CSRs) in DISS. Customer Service Requests allow specific workflows to be sent to the DCSA VROC and DoD CAF for review and processing.
Users can find information on DISS by going to the DMDC DISS web page. Updates include: alerts, notices and release notes. User manuals will be provided within the landing page of the DISS application.
Hierarchy Managers are designated by their Component/Agency/Company
It is against DoD policies to share username/password, any approved active Public Key Infrastructure (PKI) hardware, or allow an individual to access another person’s DISS account or certificate in any manner or form. Only the authorized account and certificate holder is permitted to access/use his/her account. Examples of Approved Active PKI hardware include Common Access Cards (CAC), Personal Identity Verification (PIV) cards, approved corporate badges, and External Certificate Authority (ECA) cards/tokens, among others.
No, the exit screen and back button will not lock your account. The user will have to login again upon exiting, however.
Yes, there are indications throughout DISS when a save takes place.
https://nbib.opm.gov/e-qip-background-investigations/ The applicant's Security Officer must have first initiated the Investigation Request.
Yes, the information can be viewed with either the Security Manager or Security Officer role.
Yes, DISS allows for users to create a "Hosting" visit. The visiting SMO will receive a notification and can add/cancel visitors from the visit as well as modify the visit location while the Visit is in the "Created" status.
Yes, users can add personnel that have a relationship with another SMO. As long as the subject has a relationship with a SMO, they can be added to a visit.
Yes, the visit will also be added to the subject’s record as well as found in the Visit Report in the reporting module.
No, but you will receive a notification that the subject was added. As the visiting/hosting SMO, the Security Manager/Officer has the ability to "Cancel" their employee from the visit at any time.
Please call the DMDC Contact Center 1(800-467-5526) to report any potential misuses of DISS you may have observed.
As the Cognizant Security Agent (CSA) for DISS, when DMDC is made aware of an alleged misuse of DISS, the system must be protected from loss of data confidentiality, integrity, and availability. As a result, the user(s) account(s) are administratively locked and placed in administrative review, preventing any access to DISS during the review. This practice limits risk to the system and its data. During an administrative review: o The alleged will receive an Incident Notification Letter and any DISS accounts connected to the incident are locked. o Once the relevant data surrounding the incident is gathered, the DISS Program Manager (along with government counsel when necessary) make a determination as to whether or not the incident occurred: i. If it is determined that the incident occurred, the user may have their account terminated and be permanently barred from receiving another DISS (or future replacement system) account. A misuse of technology security incident will also be placed on the user’s DISS record for the DoD CAF to adjudicate. ii. If it is determined that the incident did not take place the user account may be unlocked. o When an administrative review is complete, the user will receive an Outcome Notification Letter, outlining the decision and any subsequent actions. .
If it is determined that a misuse has occurred the user is at risk of losing their DISS account as well as being barred from reapplying for a DISS account PERMANENTLY. A misuse of technology incident will be placed on the user’s DISS record for eventual adjudication by the CAF. An appeals process does exist; however, only new and relevant evidence may be presented to be considered for an appeal..
In order to protect the confidentiality, integrity, and availability of the data in DISS, the user’s account will be locked and will not be accessible during the entire period of the administrative review. In the rare circumstance where the integrity of an entire cleared organization/SMO is in question, all associated DISS user accounts may be locked. Appropriate investigative agencies may also be informed (e.g. Defense Criminal Investigative Service (DCIS), DoD Inspector General (DoDIG), etc.) dependent on circumstances and severity of the alleged incident. DISS audit logs are reviewed by program leadership to determine exactly what actions were performed/taken by the subject inside of the system, to include every screen viewed and every action taken in DISS. Note that your account will not be deleted/removed due to inactivity during an administrative review.
Follow all instructions as outlined in the incident notification letter. DISS General FAQ If a user receives a DISS incident notification letter, they may choose to directly respond with a personal statement addressing the incident. Note that the user(s) account(s) under administrative review will not be accessible, so please make appropriate coordination with other FSOs/AFSOs/SOs in your organization regarding your DISS workload/tasks. All communication regarding a DISS incident and/or administrative review should be directed to the email address provided in the notification letter.
Administrative reviews have no defined timeframe. Factors such as the severity of the misuse, the number of individuals involved, third party investigations/input, government counsel involvement, and size of audit files, among other factors can all vary from incident to incident.