DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives. (DoDI 8510.01, E2.25)
*update: DIACAP is DoD Risk Management Framework (2014)
Designated Accrediting Authority (DAA). The official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with designated approving authority and delegated accrediting authority. (Reference (d) leads with the term designated approving authority, which was favored at the time of publication.). (DoDI 8510.01, E2.19) *DAA is Authorization Officer (2014)
Program Manager or System Manager (PM or SM). For the purpose of this Instruction, the individual with responsibility for and authority to accomplish program or system objectives for development, production, and sustainment to meet the user’s operational needs. (DoDI 8510.01, E2.50)
Certifying Authority (CA). The senior official having the authority and responsibility for the certification of ISs governed by a DoD Component IA program. (DoDI 8510.01, E2.12)
Certifying Authority Representative. An official appointed by and acting on behalf of the CA (DoDI 8510.01, E2.13).
IA Manager (IAM). The individual responsible for the information assurance program of a DoD information system or organization. While the term IAM is favored within the Department of Defense, it may be used interchangeably with the IA title Information Systems Security Manager (ISSM). (DoDI 8500.2, E2.1.27). Requirements: Demonstrate Need to know DoDD 8500.1 para: 4.8, US Citizen 8500.2 para: 5.8.3. must fit DoD 8570 applicable certifications.
IA Officer (IAO). An individual responsible to the IAM for ensuring that the appropriate operational IA posture is maintained for a DoD information system or organization. While the term IAO is favored within the Department of Defense, it may be used interchangeably with other IA titles (e.g., Information Systems Security Officer, Information Systems Security Custodian, Network Security Officer, or Terminal Area Security Officer). (DoDI 8500.2, E2.1.28)
Requirements: Demonstrate Need to know DoDD 8500.1 para: 4.8, can be foreign with DAA approval 8500.2 E3.T1 must fit DoD 8570 applicable certifications.
E2.54. Senior Information Assurance Officer (SIAO). The official responsible for directing an organization’s IA program on behalf of the organization’s chief information officer.
The entire DIACAP process has many player involved with give the system a high level of visibility and decentralized responsibility.
Air Force Roles:
The Air Force DAA is AFNETOPS/CC (Gen. Elders, cira 2008). AFCA/CC serves as the DAA Representative (AFPD 33-2, para 5.9.6). The Air Force uses the DAA as the PAA. AFCA/EVSS acts as the Certifying Authority for the Security discipline of the SISSU process. Ref: AF 33-2, AFI 33-210
Lt. Gen. Michael W. Peterson is USAF Chief of Warfighting Integration and Chief Information Officer
Commander Naval Network Warfare Command (COMNETWARCOM).
CO designates, in writing, an Information Assurance Manager (IAM) who serves as POC for all command IA issues and implements command’s IA program. CO also designates, in writing Information Assurance Officer(s) to implement and maintain command’s network security requirements
Ref: SECNAV M-5510.30, Chapter 2
SECNAV M-5510.36, Chapter 2, 6, and 12
SECNAV M-5239.1, DON Information Assurance Program
Ref: AR 25-2
*These roles are different for guard and reserve units