From ODAA > CA > CA Liaison (Raquel) > Me > You…

See below.

*Note: the NA IA Controls (not individual checks) still need to be documented in the POA&M.

Sean P.

Please let the CA Liaison team know that per Dr. Kiriakou’s email dated 18 Mar 2013, N/A discreet checks are no longer required to be documented in the RAR. Per the ODAA, they “no longer require N/A findings (actual N/A’s) to be included in the RAR starting immediately”.

***Please note: justification for discreet checks being marked N/A IS STILL REQUIRED to be documented, however, this information can be documented in the raw test results like they were prior to the transition to EMASS. IA control level N/As must be explained and justified in the EMASS POA&M.

For those packages that are already currently in queue and have this information reported in the RAR, that is fine, but we should enforce the direction provided above effective immediately.