DIACAP

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a deprecated United States Department of Defense (DoD) process meant to ensure that companies and organizations applied risk management to information systems (IS). DIACAP defined a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS that maintained the information assurance (IA) posture throughout the system's life cycle. As of May 2015, the DIACAP was replaced by the "Risk Management Framework (RMF) for DoD Information Technology (IT)". Although re-accreditations via DIACAP continued through late 2016, systems that had not yet started accreditation by May 2015 were required to transition to the RMF processes. The DoD RMF aligns with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).


History

DIACAP resulted from an NSA-directed shift in underlying security approaches. An interim version of the DIACAP was signed July 6, 2006, and superseded the interim DITSCAP guidance. The final version is called ''Department of Defense Instruction 8510.01'' and was signed on March 12, 2014 (the previous version was dated November 28, 2007). See DoDI 8500.01, ''Cybersecurity'' (http://www.dtic.mil/whs/directives/corres/pdf/850001_2014.pdf), and DoDI 8510.01, ''Risk Management Framework (RMF) for DoD Information Technology (IT)'' (https://fas.org/irp/doddir/dod/i8510_01.pdf).

DIACAP differed from DITSCAP in several ways, in particular in its adoption of information assurance (IA) controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). Applicable IA controls were assigned based on the system's mission assurance category (MAC) and confidentiality level (CL).


Process

* System Identification Profile
* DIACAP Implementation Plan
* Validation
* Certification Determination
* DIACAP Scorecard
* POA&M
* Authorization to Operate Decision
* Residual Risk Acceptance


References


DIACAP Guidance at the DoD Information Assurance Support Environment

DIACAP Knowledge Service (requires DoD PKI certificate)

DIACAP Control Indexer

Full list of DIACAP Phases with instructions at GovITwiki

Department of Defense Instruction 8510.01: ''DoD Information Assurance Certification and Accreditation Process''

Department of Defense Directive 8500.1: ''Information Assurance (IA)''

Department of Defense Instruction 8500.2: ''Information Assurance (IA) Implementation''


External links


DoD Approved 8570 Baseline Certifications