The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a deprecated United States Department of Defense (DoD) process meant to ensure companies and organizations applied risk management to information systems (IS). DIACAP defined a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS which maintained the information assurance (IA) posture throughout the system's life cycle.
As of May 2015, the DIACAP was replaced by the "Risk Management Framework (RMF) for DoD Information Technology (IT)". Although re-accreditations via DIACAP continued through late 2016, systems that had not yet started accreditation by May 2015 were required to transition to the RMF processes. The DoD RMF aligns with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
History
DIACAP resulted from an NSA-directed shift in underlying security approaches. An interim version of the DIACAP was signed July 6, 2006, and superseded the interim DITSCAP guidance. The final version is called Department of Defense Instruction 8510.01, and was signed on March 12, 2014 (the previous version was dated November 28, 2007).
DoDI 8500.01, Cybersecurity: http://www.dtic.mil/whs/directives/corres/pdf/850001_2014.pdf
DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT): https://fas.org/irp/doddir/dod/i8510_01.pdf
DIACAP differed from DITSCAP in several ways—in particular, in its embrace of the idea of information assurance controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). Applicable IA Controls were assigned based on the system's mission assurance category (MAC) and confidentiality level (CL).
Process
System Identification Profile
DIACAP Implementation Plan
Validation
Certification Determination
DIACAP Scorecard
POA&M
Authorization to Operate Decision
Residual Risk Acceptance
See also
Risk Management Framework - successor to DIACAP
References
DIACAP Guidance at the DoD Information Assurance Support Environment
DIACAP Knowledge Service (requires DoD PKI certificate)
DIACAP Control Indexer
Full list of DIACAP Phases with instructions at GovITwiki.
Department of Defense Instruction 8510.01: DoD Information Assurance Certification and Accreditation Process
Department of Defense Directive 8500.1: Information Assurance (IA)
Department of Defense Instruction 8500.2: Information Assurance (IA) Implementation
External links
DoD Approved 8570 Baseline Certifications