A System Security Authorization Agreement (SSAA), is an information security document used in the United States Department of Defense (DoD) to describe and accredit networks and systems. The SSAA is part of the Department of Defense Information Technology Security Certification and Accreditation Process, or DITSCAP. The DoD instruction (issues in December 1997, that describes DITSCAP and provides an outline for the SSAA document is DODI 5200.40. The DITSCAP application manual (DoD 8510.1-M), published in July 2000 provides additional details.
DITSCAP was replaced on July 6, 2006 by an Interim Department of Defense (DoD) Certification and Accreditation (C&A) Process (DIACAP) Guidance. The Interim Guidance cites SSAA documentation but only as a transition to the replacement for DITSCAP, which is the DoD Information Assurance Certification and Accreditation Process (DIACAP). SSAA is not cited in the DIACAP as a necessary documentation format, but is still required by some organizations for software release processes.