DPAS SCR: 02117

• SCR Number
  02117
• Title
  UIC management and Data Masking
• DPAS Module
  PA,Materiel Management
• Reporting Organization
  FH-AFHAF
• State
  New
• History
  3/4/2025
• Description

  Change Request: 

   

  Policy/Regulatory

   

  Description:

  Currently the user is required to manually update the Unit Kind Code when, UIC name and APO City when a UIC has been designated as a FAD1. The combination of certain data elements potentially change the classification of the UIC, and could potentially cause a security risk or spillage. Additionally, when users run inquires under the 'Asset Inquires' process there is a potential that certain combinations of data elements  could pose a risk.

   

  Recommended:

  Establish triggers in place to mask the data when the FAD code for a UIC is inserted or updated to a FAD 1. Additionally establish controls within the system that would limit the combination of data elements that could pose a risk and produce an error notifying the user that there is a security risk. The error should not allow the user to bypass the warning if they do not make any adjustments to the combination of data elements. Potentially move the UIC management process out of the APO/Property Administrator profile and move it all to a SIPR environment fro better controls of access.

  a. The association of the nomenclature of any single unit or program with the FAD I level designator is classified SECRET.

   

  b. Any compilation of forces, units, activities, projects, or programs associated with the FAD I level designator is classified SECRET.

   

  Mission Critical:
  AW CJCSI 4110.01F The Service Chiefs are required to develop and implement policies on the use of and oversight of all FAD codes assigned to units.  Security Information – United States Only. Classified lists reflecting authorized FAD I requisitioning entities are distributed and maintained by the Joint Staff Directorate for Logistics, J-4/J-44. This list is distributed on a strict “need-to-know-basis.” DoD components and associated agencies are authorized to determine the appropriate distribution within their organizations following standard security procedures. The following classification guidance applies when information is extracted from the lists:

   

  Benefits:

  Reduces the risk of spillage of sensitive or classified information on unclassified networks.

   

  Frequency: 

  Daily

   

  Users:

  Daily files are sent to ADVANA as the DAF Data Repository where users can access information to build reports.  Currently there are ~1600 users that have access to DPAS PA that could have access to Master Data information.