Skip Navigation Welcome to the DIACAP Implementation Portal Operationalizing DIACAP: Integration of C&A into the System Lifecycle

For Assistance in DIACAP implementation or Training please contact us by either phone or email at:

Photo Treatment - Satellite, Armed Services and Computer

What is DIACAP?

DIACAP is a standardized methodology for evaluating the security posture of Department of Defense (DoD) Information Systems for certification and accreditation (C&A).

It is DoD policy that the Department of Defense will certify information systems through an enterprise process for identifying, implementing and management Information Assurance (IA) capabilities and services. IA capabilities and services are expressed as IA controls as defined in the DoD Instruction 8500.2, information assurance implementation.

What constitutes a DOD Information System?

DOD categorizes information systems into four major categories. AIS, Enclave, Outsourced IT-based Process, and Platform IT Interconnection. DIACAP is implemented for each these types utilizing a lifecycle centric model.

  1. Automated Information System (AIS): A product or deliverable of an acquisition program performing clearly defined functions for which there are readily identifiable security considerations and needs that are addressed as part of the acquisition.
  2. Enclave: A collection of computing environments connected via one or more internal networks, under the control of a single authority and security policy, including personnel and physical security.
  3. Outsourced IT-based Process: A general term used to refer to outsourced business processes supported by private sector information systems, outsourced information technologies, or outsourced information services.
  4. Platform IT Interconnection: Computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real-time to the mission performance of special purpose systems.

DIACAP for Information Systems

The DIACAP, as compared with the previously implemented DITSCAP, approaches the C&A process with a lifecycle and enterprise focus, encouraging and facilitating the implementation of C&A early in lifecycle (e.g. requirements). This approach enables the early engagement of both IA personnel and other key stakeholders (e.g. program managers, systems engineers, developers).


DIACAP enables the stakeholders to link requirements to appropriate IA controls (both system and operational environment specific) early in the lifecycle. This linkage injects C&A into the iterative development process, thus providing more accurate traceability between implementation and system risk.

For Assistance in DIACAP implementation or Training please contact us at:

2008 Hatha Systems