Department of Defense Information Technology Security Certification and Accreditation Process
The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk. DIACAP replaced the former process, known as DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process), in 2006.
DoD Instruction (DoDI) 8510.01 establishes a standard DoD-wide process with a set of activities, general tasks and a management structure to certify and accredit an Automated Information System (AIS) that will maintain the Information Assurance (IA) posture of the Defense Information Infrastructure (DII) throughout the system's life cycle.
DIACAP applies to the acquisition, operation and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. It identifies four phases:
- System Definition
- Verification
- Validation
- Re-Accreditation
DIACAP also uses weighted metrics to describe risks and their mitigation.
The DIACAP process was refined by the publication of the DIACAP Application Manual. A similar methodology, NIACAP, is used for the certification and accreditation (C&A) of national security systems outside of the DoD.