Warning: Parameter 1 to Language::getMagic() expected to be a reference, value given in /home/govitwik/public_html/w/includes/StubObject.php on line 58
Defense Information Assurance Certifications and Accreditation Process (DIACAP) - GovITwiki

Defense Information Assurance Certifications and Accreditation Process (DIACAP)

From GovITwiki

Jump to: navigation, search

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied on Information Systems from an enterprise view. DIACAP is a DoD-wide standard set of activities, tasks and process for the certification and accreditation of a DoD information system that will maintain the Information Assurance posture throughout the system's life cycle.

A key goal of the process is to make certain that risk management considerations are applied to Defense Department information systems.

DIACAP is a set of standard activities, tasks plus a management structure to help with certification and accreditation of a DoD system. This includes assurance that the system that will preserve the information assurance (IA) position throughout its life cycle.

View Our Books and Articles About Information Assurance and DIACAP


Interim DIACAP version signed July 6, 2006. The final version, DoD Instruction 8510.01 signed on November 28, 2007, supersedes the Interim version. The document is sometimes referred to as DOD Instruction 8510.1.

It's forerunner was known as DITSCAP. The major difference between DIACAP and DITSCAP is a strengthened focus on information assurance controls (defined in DoD NUMBER 8510.01 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA Controls are determined based on the system's mission assurance category (MAC) and confidentiality level (CL).

The DIACAP includes the following phases and activities:

DIACAP Phase 1 – Initiate and Plan

• Register System

• Assign IA controls

• Assemble DIACAP Team

• Develop DIACAP Strategy

• Initiate IA Implementation Plan

DIACAP Phase 2 – Implement and Validate

• Execute and Update IA Implementation Plan

• Conduct Validation Activities

• Compile Validation Results- DIACAP Scorecard

DIACAP Phase 3 – Make C&A Decisions

• Analyze Residual Risk

• Issue Certification Determination

• Make Accreditation Decision

DIACAP Phase 4 – Maintain ATO/Reviews

• Initiate and Update Lifecycle Implementation Plan for IA Controls

• Maintain Situational Awareness

• Maintain IA Posture

DIACAP Phase 5- Decommission

• Conduct activities related to the disposition of the DIACAP registration information and system related data or objects in GIG supporting IA infrastructure and core enterprise services

External Links

Personal tools