What is the difference between DIACAP and RMF?
DIACAP authorized a sole DAA to make authorization decisions for each system under evaluation. RMF replaces DAAs with authorizing officials, or AOs, who can provide authorization in a joint fashion. It’s easy to see how such changes might result in more effective oversight.
What is DIACAP compliance?
The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the Department of Defense (DoD) process to ensure that risk management is applied on Information Systems (IS). EventTracker believes that it is crucial to monitor for compliance in a manner as close to real-time as possible.
What are the four phases of the certification and accreditation process?
The certification and accreditation process consists of a four-phase life cycle: initiation, certification, accreditation, and continuous monitoring. Throughout all four phases there are several roles participating in the process, and each role is responsible for the execution of specific tasks.
When did DIACAP replace Ditscap?
2007
In 2007, DITSCAP was replaced with DIACAP, Defense Information Assurance Certification & Accreditation Process. DIACAP was much more enterprise-centric and also drew from the DoD 8500.2 standard control set.
What phases does DIACAP identify?
The DIACAP phases are: initiating the plan, implementing and validating the assigned IA controls, making certification determination and accreditation decision, maintaining authorization to operating and conducting reviews, and decommissioning (the system).
When did Diacap replace Ditscap?
Is DoDI 8500.2 still valid?
Well, the short answer is there will be no revised DoDI 8500.2 — DoD has decided to simply rescind it. A few of the key NIST and CNSS publications that are being “adopted” by DoD are: ♦ NIST Special Publication (SP) 800- 53, Revision 4.
What are the phases of DIACAP?
The DIACAP is a five (5) phase process.
- Initiate and Plan Information Assurance certification and accreditation (C&A)
- Implement and Validate Assigned Information Assurance Controls.
- Make Certification Determination & Accreditation Decision.
- Maintain Authority to Operate and Conduct Reviews.
- Decommission.
What are the four phases of Niacap?
The NIACAP is composed of four phases (Figure 1): Definition, Verification, Validation, and Post Accreditation.
What are the Diacap phases?
What is the difference between DIACAP and niacap?
DIACAP is the C&A guidance for federal departments and agencies that fall under the Department of Defense and NIACAP is the guidance for all other departments, agencies, and bureaus of the executive branch of the federal government (Zadjura 2003). What is DIACAP (DoD Information Assurance Certification and Accreditation Process)?
Are there any major problems with the DIACAP system?
But one major problem still remained. While the DoD used DIACAP, the rest of the Federal Government and the Intelligence Community used completely different C&A processes and control sets, making interconnectivity between these systems virtually impossible without a lengthy discovery and translation process.
What kind of control set does the DOD use for DIACAP?
This represents a quantum leap in efficiency and cost savings. Currently, DoD uses the DODI 8500.2 control set for the DIACAP implementation. With the move to RMF, DoD agencies and components will need to move to the NIST SP 800-53 Revision 4 control set to match the controls used by the rest of the Federal Government.
What’s the difference between DIACAP and RMF assessment?
In DIACAP this recommendation was incorrectly called a “certification”, leaving many wondering why they still couldn’t go live after their system was “certified”. To avoid confusion, RMF will call this step an “assessment”.