Department of Defense Information Assurance Certification and Accreditation Process

Department of Defense Information Assurance Certification and Accreditation Process

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied on information systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the information assurance (IA) posture throughout the system's life cycle.

History

DIACAP is the result of a NSA directed shift in underlying security paradigm and succeeds its predecessor: DITSCAP.

An interim version of the DIACAP was signed July 6, 2006 and superseded DITSCAP. The final version is titled Department of Defense Instruction 8510.01 and was signed on November 28, 2007. It supersedes the Interim DIACAP Guidance.

One major change in DIACAP from DITSCAP is the embracing of the idea of information assurance controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA Controls are determined based on the system's mission assurance category (MAC) and confidentiality level (CL).

Process

  • System Identification Profile
  • DIACAP Implementation Plan
    • Validation
  • Certification Determination
  • DIACAP Scorecard
  • POA&M
  • Approval to Operate Decision

References


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • National Information Assurance Certification and Accreditation Process — The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information …   Wikipedia

  • Department of Defense Information Technology Security Certification and Accreditation Process — The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk. DIACAP replaced the former process, known as DITSCAP… …   Wikipedia

  • United States Department of Defense — Department of Defense Department overview Formed August 10, 1949 (1949 08 10) …   Wikipedia

  • Department of Defense Cyber Crime Center — Defense Cyber Crime Center Seal Agency overview Formed 1998 Headquarters Linthicum, Maryland Parent …   Wikipedia

  • Information security professionalism — is the set of knowledge that people working in Information security and similar fields (Information Assurance and Computer security) should have and eventually demonstrate through certifications from well respected organizations. It also… …   Wikipedia

  • Professional certification (computer technology) — Professional certifications in computer technology are non degree awards made to those who have achieved qualifications specified by a certifying authority. Depending on the particular certification, qualifications may include completing a course …   Wikipedia

  • System Security Authorization Agreement — A System Security Authorization Agreement (SSAA), is an information security document used in the United States Department of Defense (DoD) to describe and accredit networks and systems. The SSAA is part of the Department of Defense Information… …   Wikipedia

  • Verification and Validation (software) — In software project management, software testing, and software engineering, Verification and Validation (V V) is the process of checking that a software system meets specifications and that it fulfils its intended purpose. It is normally part of… …   Wikipedia

  • National Commission for the Certification of Crane Operators — Type Professional Organization Founded 1995 Location Fairfax, VA (headquarters office) Key people John M. Kennedy, president …   Wikipedia

  • Certified Information System Auditor — Certified Information Systems Auditor (CISA) is an audit professional certification sponsored by the Information Systems Audit and Control Association (ISACA). Candidates for the certification must meet requirements set by ISACA.HistoryThe CISA… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”