DIACAP Essentials + IA Control Validation Training (part 4): DIACAP/AFCAP Day 4 & 5
July 2, 2009
Days 4 & 5 bring the DIACAP/AFCAP Essentials Class to a close. The biggest things I learned were: CNSSI 4009 is the official glossary of DOD IA, there is a big difference between theory, policy and practice, Agents of the Certifying Authority (ACA) are official validators, and there is a difference between acquisition Mission criticality and IA MAC levels.
Stuff I learned from people in the class:
- AFCA is changing its name (to what?)
- DOD is going to put the new IA controls in NCSSI 12-53 (currently in draft)
- a lot of what I need in there is in NIST 800-53
- Marines use something called Exacta
- Site called securitycritics.org
- 33-202 is now completely irrelevant and obsolete (not even mentioned ONCE in the class)
- 800-30
- Feds call Certification & Accreditation (C&A) “Security authorization”
- NIST SP 800-37
Day 4:
- Validator Activities & Issue Accreditation Decision
- Prepare POA&M
- Validate Results/Scorecard
- Scorecard
- Make certification determination
- CA/DAA Package review
Day 5:
Validation procedures were discussed. On day five, we looked at how the validators look at a system. I thought it was interesting. It should help me get through the EITDR/DIACAP process easier.
- Maintain Situational Awareness
- Maintain IA Posture
- Conduct Review
- Re-Accreditation
- Retire system
DIACAP Essentials + IA Control Validation Training (part 4): DIACAP/AFCAP Day 3
July 2, 2009
Day 3 heats up a little. We start talking about what it takes to actually get validated. The DIACAP Implementers Guide & the DIACAP Validators Guide are opened up and reviewed. I think we all learned a little something during this discussion because there have been some challenges with this. Unfortunately, we don’t get too far into the validator stuff.
Day 3:
- DIACAP Structure
- Terminology Review
- Assemble DIACAP Team
- Registered System/System Information Profile
- Assign IA Controls
- Initiate DIACAP Implementation Plan
Security, Interoperability, Supportability, Sustainability and Usability (SISSU)
February 5, 2008
Security, Interoperability, Supportability, Sustainability and Usability (SISSU) is considered a part of the USAF IT LEAN process. SISSU is a comprehensive database of the security controls (IA Controls) addressed in DoDI 8500.02 that are needed to complete the DIACAP process.
The SISSU questions include everything from documentation of the system to physical security to network security. To access the SISSU process in the EITDR, one needs an account and “stakeholders list” approval via AFCA/EV.
Security, Interoperability, Supportability, Sustainability and Usability are each considered disciplines. Each discipline is assigned a set of roles: producer, reviewer, validator, and approver. Once all of these roles have done their part on each of their applicable questions in a given discipline, the system can move on to the next phase. The phases are Define Need, Design, Build & Test, and Release.