The DIACAP includes the same things that the DITSCAP has, with two major differences: netcentric environments and GIG standards. With these two (and MANY other) changes, it seems that this evolution of the DITSCAP has to take place. So many major levels of Information Assurance in the DoD and abroad have changed that DITSCAP will have to embrace them to stay relevant.
The DIACAP policies will come from DoD Directive/Instruction 8500.01E/.2. [fixed 22 Aug 07]
The DIACAP supports Information Systems transitioning to netcentric environments and GIG Standards by:
- Ensuring uniformity of approach
- Managing and disseminating Information Assurance design, implementation, validation, sustainment and approach
- Being able to handle differing systems
- Facilitating a dynamic environment
Information Assurance will be implemented with Information Assurance Controls as defined by DoDI 8500.2 and maintained through a DoD-wide configuration management process that considers the GIG architecture and risk assessments conducted at the DoD component level in accordance with FISMA.
The DIACAP will support the ongoing validation to maintain the Information Assurance posture of an Information System. DoD component IA Programs are the primary method of supporting the DoD Information Assurance Program.
Status of all systems in the DIACAP program will be available to all who have authorized access.