Overview: Risk-based oversight for Title 40/CCA is a process wherein the DCIO is using a risk-based decision-making to determine the degree of Title 40/CCA compliance activities to defer to the Component CIO based both on the capability of the Component across Title 40/CCA elements and risk level of the program. A result of risk-based oversight lies in its potential to enable the DCIO to identify and implement a most cost-effective means for ensuring CCA compliance by providing a decision-making framework to help leverage Title 40/CCA oversight responsibility to the Component CIO. The RBO Policy document and most recent CCA compliance certification language are listed below:
Title 40/CCA Capability Assessment: Component CIO Self-Assessment: Under this risk-based oversight process, Component CIOs shall complete the Title 40/CCA Capability Assessment. The Component CIO's self-assessment of capability will be used to determine the degree of oversight deferral to the Component CIO, based both on the capability of the Component across Title 40/CCA areas and risk category of the program. The Self-Assessment document asks a series of questions related to the implementation of oversight for Subtitle III of Title 40 [Clinger Cohen Act (Title 40/CCA)] within Department of Defense (DoD) Components. The primary audience for this assessment is the Component CIO. You may access the assessment tool below: