The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a deprecated United States Department of Defense (DoD) process meant to ensure companies and organizations applied risk management to information systems (IS). DIACAP defined a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS which maintained the information assurance (IA) posture throughout the system's life cycle.
As of May 2015, the DIACAP was replaced by the "Risk Management Framework (RMF) for DoD Information Technology (IT)". Although re-accreditations via DIACAP continued through late 2016, systems that had not yet started accreditation by May 2015 were required to transition to the RMF processes. The DoD RMF aligns with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
History
DIACAP resulted from an NSA-directed shift in underlying security approaches. An interim version of the DIACAP was signed July 6, 2006, and superseded the interim DITSCAP guidance. The final version is called ''Department of Defense Instruction 8510.01,'' and was signed on March 12, 2014 (the previous version was dated November 28, 2007).
DoDI 8500.01, ''Cybersecurity'': http://www.dtic.mil/whs/directives/corres/pdf/850001_2014.pdf
DoDI 8510.01, ''Risk Management Framework (RMF) for DoD Information Technology (IT)'': https://fas.org/irp/doddir/dod/i8510_01.pdf
DIACAP differed from DITSCAP in several ways—in particular, in its embrace of the idea of information assurance controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). Applicable IA Controls were assigned based on the system's mission assurance category (MAC) and confidentiality level (CL).
Process
* System Identification Profile
* DIACAP Implementation Plan
* Validation
* Certification Determination
* DIACAP Scorecard
* POA&M
* Authorization to Operate Decision
* Residual Risk Acceptance
See also
* Risk Management Framework - successor to DIACAP
References
DIACAP Guidance at the DoD Information Assurance Support Environment DIACAP Knowledge Service (requires DoD PKI certificate)
DIACAP Control Indexer
Full list of DIACAP Phases with instructions at GovITwiki
Department of Defense Instruction 8510.01: ''DoD Information Assurance Certification and Accreditation Process''
Department of Defense Directive 8500.1: ''Information Assurance (IA)''
Department of Defense Instruction 8500.2: ''Information Assurance (IA) Implementation''
External links
DoD Approved 8570 Baseline Certifications