DIACAP is a standardized methodology for evaluating the security posture of Department of Defense (DoD) Information Systems for certification and accreditation (C&A).
It is DoD policy that the Department of Defense will certify information systems through an enterprise process for identifying, implementing and managing Information Assurance (IA) capabilities and services. IA capabilities and services are expressed as IA controls as defined in DoD Instruction 8500.2, Information Assurance Implementation.
DoD categorizes information systems into four major categories: AIS, Enclave, Outsourced IT-Based Process, and Platform IT Interconnection. DIACAP is implemented for each type utilizing a lifecycle model.
DIACAP approaches the C&A process with a lifecycle and enterprise focus, encouraging and facilitating the implementation of C&A early in the lifecycle.
DIACAP encourages the early engagement of both IA personnel and other key stakeholders (e.g. program managers, system engineers, developers).
DIACAP enables the stakeholders to link requirements to appropriate IA controls (both system and operational environment specific) early in the lifecycle. This linkage injects C&A into the iterative development process, thus providing more accurate traceability between implementation and system risk.
Affects Everything that Operates Electronically