HomeInformation SystemsDefense Information Security System (DISS)DISS FAQs

DISS Frequently Asked Questions

New to DISS

What is the Defense Information System for Security?

DISS serves as the system of record for personnel security, suitability, and credential management of all DOD employees, military personnel, civilians and DOD contractors. DISS also provides secure communications between Adjudicators, Security Officers, and Component Adjudicators in support of eligibility and access management.

How do I get a DISS account?

Detailed information on how to request a DISS account, including clearance requirements, PKI certificates, and mandatory training will be posted in the DISS Account Management Policy and/or Account Request Procedure guides on the DISS website.

What is required for access authorizations for DISS?

A minimum of interim secret eligibility is required to access DISS. Account Managers within each Component/Agency/Company will determine the specific DISS customer user base and assign user roles based on Component/Agency/Company guidance and responsibilities.

What are the public key Infrastructure (PKI) requirements for DISS?

Each DISS user will be required to have a Public Key Infrastructure (PKI) certificate smartcard/token in the form of a Common Access Card (CAC), Personal Identity Verification (PIV) card, or authorized External Certificate Authority (ECA) certificate

Will I need to register my CAC or PIV?

Yes, the registration process has to be completed every time you get a new or replacement CAC or PIV. The Hierarchy/Account Manager will need to generate a new password. The pre-established registration user id and the newly generated password should be sent to the user. Thereafter, the user should re-register using the steps outlined below. o Select their Certificate.
o Click on the login button and you will be redirected to the User Registration Page.
o Enter the pre-established user id and the newly generated password and click register.

What are the web browser requirements for DISS?

Each DISS user will be required to have a Web browser with Internet Explorer 10 or above, Firefox 11 or above. Each browser must maintain 128-bit security (SSL) encryption.

Using DISS

How can users identify if their DISS records are accurate?


How will DISS training be conducted?


How will research, recertify, upgrade requests (RRUs) be handled in DISS?

RRUs have become customer service requests (CSRs) in DISS. Customer Service Requests allow specific workflows to be sent to the DCSA VROC and DoD CAF for review and processing.

Where do I find information on DISS deployments, modifications, and other updates?

Users can find information on DISS by going to the DMDC DISS web page. Updates include: alerts, notices and release notes. User manuals will be provided within the landing page of the DISS application.

Who designates hierarchy managers?

Hierarchy Managers are designated by their Component/Agency/Company

Can I log onto DISS using someone else's username, password, or PKI certificate?

It is against DoD policies to share username/password, any approved active Public Key Infrastructure (PKI) hardware, or allow an individual to access another person’s DISS account or certificate in any manner or form. Only the authorized account and certificate holder is permitted to access/use his/her account. Examples of Approved Active PKI hardware include Common Access Cards (CAC), Personal Identity Verification (PIV) cards, approved corporate badges, and External Certificate Authority (ECA) cards/tokens, among others.

What is the DISS policy on printing out or screenshotting DISS content?


Will the back button and exit lock your account?

No, the exit screen and back button will not lock your account. The user will have to login again upon exiting, however.

Is there a save indication feature?

Yes, there are indications throughout DISS when a save takes place.

How do I access e-QIP?

https://nbib.opm.gov/e-qip-background-investigations/ The applicant's Security Officer must have first initiated the Investigation Request.

Can I view the applicant's personnel security questionnaire through DISS?

Yes, the information can be viewed with either the Security Manager or Security Officer role.

Will a subject’s record turn red in DISS while submitting an incident report?


Why does DISS require me to go to a SMO task inbox?


How are incident reports submitted in DISS?


How do I submit a subject’s foreign contact or foreign travel information?


Hosting/Requesting Visits

What's the definition of visit requests status?


Where do I see visits?


Can I create a visit on behalf of another SMO to my facility?

Yes, DISS allows for users to create a "Hosting" visit. The visiting SMO will receive a notification and can add/cancel visitors from the visit as well as modify the visit location while the Visit is in the "Created" status.

Can I add personnel to a visit without a relationship to my SMO?

Yes, users can add personnel that have a relationship with another SMO. As long as the subject has a relationship with a SMO, they can be added to a visit.

Will I get a notification if one of my employees is added to a visit?

Yes, the visit will also be added to the subject’s record as well as found in the Visit Report in the reporting module.

Will I get a task to approve a Security Manager adding my employee to a visit?

No, but you will receive a notification that the subject was added. As the visiting/hosting SMO, the Security Manager/Officer has the ability to "Cancel" their employee from the visit at any time.

How long do visits last in the system?


Can I extend a visit or modify the dates and location?


DISS Misuse

What do I do if I witness a misuse of DISS?

Please call the DMDC Contact Center 1(800-467-5526) to report any potential misuses of DISS you may have observed.

What happens in the event of an alleged DISS misuse ?

As the Cognizant Security Agent (CSA) for DISS, when DMDC is made aware of an alleged misuse of DISS, the system must be protected from loss of data confidentiality, integrity, and availability. As a result, the user(s) account(s) are administratively locked and placed in administrative review, preventing any access to DISS during the review. This practice limits risk to the system and its data. During an administrative review: o The alleged will receive an Incident Notification Letter and any DISS accounts connected to the incident are locked. o Once the relevant data surrounding the incident is gathered, the DISS Program Manager (along with government counsel when necessary) make a determination as to whether or not the incident occurred: i. If it is determined that the incident occurred, the user may have their account terminated and be permanently barred from receiving another DISS (or future replacement system) account. A misuse of technology security incident will also be placed on the user’s DISS record for the DoD CAF to adjudicate. ii. If it is determined that the incident did not take place the user account may be unlocked. o When an administrative review is complete, the user will receive an Outcome Notification Letter, outlining the decision and any subsequent actions. .

What are the consequences related to the misuse of DISS?

If it is determined that a misuse has occurred the user is at risk of losing their DISS account as well as being barred from reapplying for a DISS account PERMANENTLY. A misuse of technology incident will be placed on the user’s DISS record for eventual adjudication by the CAF. An appeals process does exist; however, only new and relevant evidence may be presented to be considered for an appeal..

What happens to my account in the event of an administrative review?

In order to protect the confidentiality, integrity, and availability of the data in DISS, the user’s account will be locked and will not be accessible during the entire period of the administrative review. In the rare circumstance where the integrity of an entire cleared organization/SMO is in question, all associated DISS user accounts may be locked. Appropriate investigative agencies may also be informed (e.g. Defense Criminal Investigative Service (DCIS), DoD Inspector General (DoDIG), etc.) dependent on circumstances and severity of the alleged incident. DISS audit logs are reviewed by program leadership to determine exactly what actions were performed/taken by the subject inside of the system, to include every screen viewed and every action taken in DISS. Note that your account will not be deleted/removed due to inactivity during an administrative review.

I have received a DISS incident notification letter, what should I do?

Follow all instructions as outlined in the incident notification letter. DISS General FAQ If a user receives a DISS incident notification letter, they may choose to directly respond with a personal statement addressing the incident. Note that the user(s) account(s) under administrative review will not be accessible, so please make appropriate coordination with other FSOs/AFSOs/SOs in your organization regarding your DISS workload/tasks. All communication regarding a DISS incident and/or administrative review should be directed to the email address provided in the notification letter.

How long do administrative review take to complete?

Administrative reviews have no defined timeframe. Factors such as the severity of the misuse, the number of individuals involved, third party investigations/input, government counsel involvement, and size of audit files, among other factors can all vary from incident to incident.

Technical Support

I am having issues navigating throughout DISS. What should I do?


What is the help desk number for DISS?