INSTRUCTIONS : SYSTEM AUTHORIZATION ACCESS REQUEST (SAAR) (DD Form 2875)
A DD Form 2875 is a Department of Defense form used a request for system authorization access. The form must be used before any access to Department of Defense computer system access will be granted.
The DD Form 2875 is available on the Department of Defense documentation website or can be supplied through the chain of command.
The initial boxes require you to indicate the type of request being made, the system name and location.
1. Part I is to be completed by the requesting individual and requires their personal and contact information.
2. Write in the corresponding boxes the name, organization, address, department, and contact information.
It must also be indicated whether the requesting party provide their citizenship and military status.
3. If any training or certification is necessary, the individual must indicate whether they have completed the necessary requirements and certify the form in box 11.
Once part I is completed, part II must be filled out by the system administrating agency or sponsoring party.
4. The justification for access must be provided in box 13. A brief explanation is required, however if extensive information needs to be provided, additional pages may be attached at the end of the form.
Additionally, the sponsoring party must describe the type of access to be granted and the security clearances necessary for the system.
5. Both the supervisor and information owner must provide their certifications and contact information in boxes 17 through 25.
If additional security matters need to be addressed by the proposed access, a security manager must validate the form in part III.
6. The security manager must provide the investigation information and sign off on the DD Form 2875 before it can be reviewed and approved.
Part IV requires completion by the authorized staff preparing the account information.
7. If specific information about the system needs to supplied on the DD Form 2875, this information should be listed in part IV, explaining the specific systems, domains, servers, applications, directories, files, or datasets that will be accessible.
Once all sections have been completed by the proper authorizing parties, the form should be transmitted to the approval authority.
8. A record of the form should be kept by the requesting party for further reference, especially if additional system authorizations requests will be needed in the future.