DIACAP – DoD Information Assurance Certification and Accreditation Process

Published on: 8/17/2014
Topic: Cyber Security Compliance Standards

The United States Department of Defense (DoD) introduced the DoD Information Assurance Certification and Accreditation Process (DIACAP) as a risk management standard to apply to Department of Defense Information Systems.

DIACAP defines a set of activities and a structured process for the certification and accreditation (C&A) of DoD Information Systems, and it is applied throughout the system’s life cycle.

What constitutes a DOD Information System?

DIACAP Phase I – Initiate the Plan

This phase includes registering the Information System and assigning IA controls. Further activities are to develop the execution strategy, define the team structure, and then kick off the implementation phase.

DIACAP Phase II – Start Implementation and Validation

Execute the implementation plan as defined in the earlier phase. The key activity is to conduct validations as per the DIACAP standard and compile the results as per the DIACAP Scorecard.

DIACAP Phase III – Certification Determination

Analyze the risks and gaps in line with Certification standards and make the decision for Accreditation.

DIACAP Phase IV – Set Up Process for Ongoing Reviews

Set up processes and practices to maintain IA standards throughout the System Lifecycle.

DIACAP Phase V – Take Approval to Operate Decision

DIACAP – What’s next

DIACAP was planned as the replacement for the previously implemented DoD standard, DITSCAP. In the future, the Defense Information Assurance Risk Management Framework (DIARMF) may replace DIACAP.

