I’m still learning but it looks like the Air Force is going to implement the DIACAP with its IT Lean/SISSU implementation.
IT Lean is an initiative that is supposed to streamline the system aquisition process (more on IT Lean) by eventually getting rid of the Certificate to Operate (CTO)/Certificate of Networthiness (CON) process. SISSU stands for Security, Interoperability, Supportability, Sustainability and Usability process. All this will be possibly automated with something I am slowly begining to HATE called EITDR – Enterprise Information Technology Data Repository. The reason it rubs me the wrong way is the level of questions I have had to answer. Some of the questions are so high level I have not clue what they are even remotely talking about. And then when I ask the people who run the system to give me some hints on how to answer the questions they know even less than I do about it. So I ask, “can you give me the POC that put the question in the system?” They give me some contacts and lo and behold the contacts have no idea what the fuck I’m talking about.
Just frustrating, thats all. Some of the questions are Zen like in that they have no answer and seemingly no questioner. They just ARE.
***20 April 2009 Update***********
That actual DIACAP portion of the EITDR isn’t that bad. There are hundreds of questions in the EITDR but only some of those are necessary for a system when it starts the SISSU/IT Lean/DIACAP process.
We used to answer ALL 500 questions in the EITDR most of which were very, very high level. Now the system is pretty specific and walks you through the DIACAP process.