Presentation is loading. Please wait.

Presentation is loading. Please wait.

Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1."— Presentation transcript:

1 Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1

2 PURPOSE DoD approach to Information Systems (IS) risk management on an enterprise level Mandated Information Assurance (IA) controls and Certification & Accreditation Process to standardize and align DoD ISs Reduce risk to the lowest level possible to maintain the integrity, security and availability of mission critical systems Establish chain of responsibility from Information Assurance Officers (IAOs) all the way to the Designated Approval Authority (DAA) ultimately responsible for accepting the “risk” of the IS Chris Cabuzzi, DIACAP, 12/8/10 2

3 METHODOLOGY / APPROACH Assumption that all ISs have risks that cannot be completely eliminated (centered on risk management / acceptance) DoD definition of an IS includes personnel who use and administer the system, not just the system itself IA controls implemented for IS dependent on Mission Assurance Category (MAC) of the system, as well as the Classification Level (CL) Recertification / Decommissioning activities included in the IS lifecycle (including changes to IS that may affect security posture) Goal is to obtain an “Authority to Operate” the IS Chris Cabuzzi, DIACAP, 12/8/10 3

4 PARTS OF A DIACAP PACKAGE System Identification Profile (SIP) – List of system characteristics needed to register the IS with the governing DoD component DIACAP Implementation Plan (DIP) – Defines IA controls, completion dates, responsible parties and implementation status Supporting Certification Documentation – Validation results such as system scans and “artifacts” used to support accreditation DIACAP Scorecard – Results of implementation of baseline IA controls and the accreditation decision of the DAA Plan of Actions and Milestones (POA&M) – List of required actions needed to complete DIP and earn “full” accreditation Chris Cabuzzi, DIACAP, 12/8/10 4

5 DIACAP PHASES AND ACTIVITIES Phase 1 – Initiate and Plan Phase 2 – Implement and Validate Phase 3 – Make C&A Decisions Phase 4 – Maintain ATO (Review and Update) Phase 5 - Decommission Chris Cabuzzi, DIACAP, 12/8/10 5

6 QUESTIONS? Chris Cabuzzi, DIACAP, 12/8/10 6

Download ppt "Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1."

Similar presentations

METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.

METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 4: Effective Integration.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 4: Effective Integration.
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.

NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.
DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.
4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.

4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.
SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.

SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.
DISN Video Services September 21, 2009 An Overview of the VTF DIACAP Process A Combat Support Agency Defense Information Systems Agency.

DISN Video Services September 21, 2009 An Overview of the VTF DIACAP Process A Combat Support Agency Defense Information Systems Agency.
The IA Roadmap Baked-in versus Brushed-on Integrating IA into Major Programs Art King IBM Business Consulting Services Acquisition Team, DIAP 703.604.1480.

The IA Roadmap Baked-in versus Brushed-on Integrating IA into Major Programs Art King IBM Business Consulting Services Acquisition Team, DIAP
Unclassified Slide 1 5/21/2015 2007 LandWarNet Conference RANK/title Sally Dixon, NETC-EST-IC DSN 332-7376 DIACAP Army Guidance.

Unclassified Slide 1 5/21/ LandWarNet Conference RANK/title Sally Dixon, NETC-EST-IC DSN DIACAP Army Guidance.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,

Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
ECE579S/8 #1 Spring 2011 © 2000-2011, Richard A. Stanley ECE579S Computer and Network Security 8: Certification & Accreditation; Red/Black Professor Richard.

ECE579S/8 #1 Spring 2011 © , Richard A. Stanley ECE579S Computer and Network Security 8: Certification & Accreditation; Red/Black Professor Richard.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Risk Management Framework

Risk Management Framework
IA CERTIFICATION TRAINING AND CONTINUING EDUCATION OPPORTUNITIES IN THE LOCAL AREA PRESENTER: DEBORAH J. SINCLAIR, Ph.D. Standard Technology, Incorporated.

IA CERTIFICATION TRAINING AND CONTINUING EDUCATION OPPORTUNITIES IN THE LOCAL AREA PRESENTER: DEBORAH J. SINCLAIR, Ph.D. Standard Technology, Incorporated.
Project Execution.

Project Execution.

Similar presentations

Ads by Google