Department of Defense Information Assurance Certification and Accreditation Process
The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied to information systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the information assurance (IA) posture throughout the system's life cycle.
NOTE: As of March 12, 2014, DIACAP is obsolete and has been replaced by the "Risk Management Framework (RMF) for DoD Information Technology (IT)". The DoD RMF aligns with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
An interim version of the DIACAP was signed July 6, 2006, and superseded DITSCAP. The final version is titled Department of Defense Instruction 8510.01 and was signed on November 28, 2007. It supersedes the Interim DIACAP Guidance.
One major change from DITSCAP to DIACAP is the adoption of information assurance controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA controls that apply to a system are determined by its mission assurance category (MAC) and confidentiality level (CL).
- System Identification Profile
- DIACAP Implementation Plan
- Certification Determination
- DIACAP Scorecard
- Authorization to Operate Decision
- Residual Risk Acceptance
- DIACAP Guidance at the DoD Information Assurance Support Environment
- DIACAP Knowledge Service (requires DoD PKI certificate)
- Full list of DIACAP Phases with instructions at GovITwiki.
- Department of Defense Instruction 8510.01: DoD Information Assurance Certification and Accreditation Process
- Department of Defense Directive 8500.1: Information Assurance (IA)
- Department of Defense Instruction 8500.2: Information Assurance (IA) Implementation