The United States Department of Defense (DoD) introduced the DoD Information Assurance Certification and Accreditation Process (DIACAP) as a risk management standard to apply to Department of Defense information systems.
DIACAP defines a set of activities and a structured process for the certification and accreditation (C&A) of DoD information systems, and it is applied throughout the system's life cycle.
DIACAP Phase I – Initiate the Plan
This phase includes registering the information system and assigning Information Assurance (IA) controls. The further activities are to develop the execution strategy, define the team structure, and then kick off the implementation phase.
DIACAP Phase II – Start Implementation and Validation
Execute the implementation plan as defined in the earlier phase. The key activity is to conduct validations as per the DIACAP standard and compile the results as per the DIACAP Scorecard.
DIACAP Phase III – Certification Determination
Analyze the risks and gaps in line with certification standards and make the accreditation decision.
DIACAP Phase IV – Set Up Process for Ongoing Reviews
Set up processes and practices to maintain IA standards throughout the system life cycle.
DIACAP Phase V – Take Approval to Operate Decision
DIACAP – What’s next
DIACAP was planned as a replacement for the previously implemented DoD standard, DITSCAP. In the future, the Defense Information Assurance Risk Management Framework (DIARMF) may replace DIACAP.