Copyright
© 2013 | Black Rock Engineering and Technology

What is DIACAP

DIACAP is a standardized methodology for evaluating the security posture of Department of Defense (DoD) Information Systems for certification and accreditation (C&A).

It is DoD policy that the Department of Defense will certify information systems through an enterprise process for identifying, implementing and managing Information Assurance (IA) capabilities and services. IA capabilities and services are expressed as IA controls as defined in DoD Instruction 8500.2, Information Assurance (IA) Implementation.

What is a DIACAP Information System

DoD categorizes information systems into four major categories: AIS, Enclave, Outsourced IT-Based Process, and Platform IT Interconnection. DIACAP is implemented for each type using a lifecycle model.


  1. Automated Information System (AIS): A product or deliverable of an acquisition program performing clearly defined functions for which there are readily identifiable security considerations and needs that are addressed as part of the acquisition.
  2. Enclave: A collection of computing environments connected via one or more internal networks, under the control of a single authority and security policy, including personnel and physical security.
  3. Outsourced IT-based Process: A general term used to refer to outsourced business processes supported by private sector information systems, outsourced information technologies, or outsourced information services.
  4. Platform IT Interconnection: Computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real time to the mission performance of special purpose systems.

DIACAP for Information Systems

DIACAP approaches the C&A process with a lifecycle and enterprise focus, encouraging and facilitating the implementation of C&A early in the lifecycle.


DIACAP encourages the early engagement of both IA personnel and other key stakeholders (e.g. program managers, system engineers, developers).


DIACAP enables the stakeholders to link requirements to appropriate IA controls (both system and operational environment specific) early in the lifecycle. This linkage injects C&A into the iterative development process, thus providing more accurate traceability between implementation and system risk.


DOD and FEDERAL Cyber Security Compliance Affects Everything that Operates Electronically