What is DIACAP?
DIACAP is a standardized methodology for evaluating the security posture of Department of Defense (DoD) Information Systems for certification and accreditation (C&A).
It is DoD policy that the Department of Defense will certify information systems through an enterprise process for identifying, implementing and management Information Assurance (IA) capabilities and services. IA capabilities and services are expressed as IA controls as defined in the DoD Instruction 8500.2, information assurance implementation.
- Interim Department of Defense Information Assurance Certification and Accreditation Process Guidance Memo, July 6, 2006
- DoDI 8510.01, Department of Defense Information Assurance Certification and Accreditation Process, November 28, 2007
- DoDD 8500.1, Information Assurance (IA), October 24, 2002
- DoDI 8500.2, Information Assurance (IA) Implementation, February 6, 2003
- DIACAP Frequently Asked Questions (FAQs)
What constitutes a DOD Information System?
DOD categorizes information systems into four major categories. AIS, Enclave, Outsourced IT-based Process, and Platform IT Interconnection. DIACAP is implemented for each these types utilizing a lifecycle centric model.
- Automated Information System (AIS): A product or deliverable of an acquisition program performing clearly defined functions for which there are readily identifiable security considerations and needs that are addressed as part of the acquisition.
- Enclave: A collection of computing environments connected via one or more internal networks, under the control of a single authority and security policy, including personnel and physical security.
- Outsourced IT-based Process: A general term used to refer to outsourced business processes supported by private sector information systems, outsourced information technologies, or outsourced information services.
- Platform IT Interconnection: Computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real-time to the mission performance of special purpose systems.
DIACAP for Information Systems
The DIACAP, as compared with the previously implemented DITSCAP, approaches the C&A process with a lifecycle and enterprise focus, encouraging and facilitating the implementation of C&A early in lifecycle (e.g. requirements). This approach enables the early engagement of both IA personnel and other key stakeholders (e.g. program managers, systems engineers, developers).
DIACAP enables the stakeholders to link requirements to appropriate IA controls (both system and operational environment specific) early in the lifecycle. This linkage injects C&A into the iterative development process, thus providing more accurate traceability between implementation and system risk.
For Assistance in DIACAP implementation or Training please contact us at:
© 2008 Hatha Systems