Department of Defense Information Assurance Certification and Accreditation Process
Encyclopedia
The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States
Department of Defense
(DoD) process to ensure that risk management
is applied on information system
s (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation
(C&A) of a DoD IS that will maintain the information assurance
(IA) posture throughout the system's life cycle
.
An interim version of the DIACAP was signed July 6, 2006 and superseded DITSCAP. The final version is titled Department of Defense Instruction 8510.01 and was signed on November 28, 2007. It supersedes the Interim DIACAP Guidance.
One major change in DIACAP from DITSCAP is the embracing of the idea of information assurance
controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA Controls are determined based on the system's mission assurance
category (MAC) and confidentiality level (CL).
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
Department of Defense
United States Department of Defense
The United States Department of Defense is the U.S...
(DoD) process to ensure that risk management
Risk management
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities...
is applied on information system
Information system
An information system - or application landscape - is any combination of information technology and people's activities that support operations, management, and decision making. In a very broad sense, the term information system is frequently used to refer to the interaction between people,...
s (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation
Accreditation
Accreditation is a process in which certification of competency, authority, or credibility is presented.Organizations that issue credentials or certify third parties against official standards are themselves formally accredited by accreditation bodies ; hence they are sometimes known as "accredited...
(C&A) of a DoD IS that will maintain the information assurance
Information Assurance
Information assurance is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes...
(IA) posture throughout the system's life cycle
Systems Development Life Cycle
The systems development life cycle , or software development life cycle in systems engineering, information systems and software engineering, is a process of creating or altering information systems, and the models and methodologies that people use to develop these systems.In software engineering...
.
History
DIACAP is the result of a NSA directed shift in underlying security paradigm and succeeds its predecessor: DITSCAP.An interim version of the DIACAP was signed July 6, 2006 and superseded DITSCAP. The final version is titled Department of Defense Instruction 8510.01 and was signed on November 28, 2007. It supersedes the Interim DIACAP Guidance.
One major change in DIACAP from DITSCAP is the embracing of the idea of information assurance
Information Assurance
Information assurance is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes...
controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA Controls are determined based on the system's mission assurance
Mission assurance
Mission Assurance is a full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies of mission success.- Aspects of Mission Assurance :...
category (MAC) and confidentiality level (CL).
Process
- System Identification Profile
- DIACAP Implementation Plan
- Validation
- Certification Determination
- DIACAP Scorecard
- POA&M
- Approval to Operate Decision