I may be missing something, but it is unclear to me how to document CCA compliance for DBS given the new policies. It is also unclear if a DBS must be registered in the DoD IT Portfolio Registry.
Any guidance you can provide would be greatly appreciated.
Question 1: How to document CCA Compliance for a DBS given the new policies? DoDI 5000.75 has its own table that will be added to DoDI 5000.75 the next time it is updated. In the meantime, you can find the table at the BCAC CoP: https://www.milsuite.mil/book/docs/DOC-422156 <https://www.milsuite.mil/book/docs/DOC-422156> I have also enclosed a copy for you.
Open full Question Details
Question 2: Must a DBS be registered in the DoD IT Portfolio Registry (DITPR)? Registration in DITPR is still required; it is item 11 on the BCAC CCA Compliance Checklist enclosed. It’s how you get to be a business system in the first place – identifying your systems as “DBS – Yes” in DITPR. So if you’re under the 5000.75, you’ve already completed it and it doesn’t need to be called out as a separate requirement.
However, in the case where you are working on a “capability” under the 5000.75 before there is even a system to talk about, in this case… you may not have needed to register in DITPR yet, and you also wouldn’t be at an ATP that requires CCA compliance yet.