Information Technology

DoD Information Assurance Certification and Accreditation Process (DIACAP) (Replaced)

Note: The DIACAP process has been replaced by the Risk Management Framework (RMF) for DoD Information Technology.


(Replaced) The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the Department of Defense (DoD) process to ensure that risk management is applied on information systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the Information Assurance (IA) posture throughout the system’s life cycle. The DIACAP is a mechanism for negotiating IA requirements and capabilities between DoD IS and their supporting enclaves. The DIACAP process is documented in DoD Instruction 8510.01 “DoD Information Assurance Certification and Accreditation Process (DIACAP)” 28 Nov 07.

Handbook: NAVY DoD Information Assurance Certification and Accreditation Process Handbook

DIACAP contains the DoD processes for identifying, implementing, validating, certifying, and managing IA measures and services, expressed as Information Assurance Controls (IACs), and authorizing the operation of DoD ISs in accordance with statutory, Federal and DoD requirements. The DIACAP is a comprehensive C&A process that supports and complements the Global Information Grid (GIG).

The DIACAP is a five (5) phase process.

  1. Initiate and Plan Information Assurance certification and accreditation (C&A)
  2. Implement and Validate Assigned Information Assurance Controls
  3. Make Certification Determination & Accreditation Decision
  4. Maintain Authority to Operate and Conduct Reviews
  5. Decommission

AcqLinks and References:

Updated: 6/11/2018

Leave a Reply