Note: The DIACAP process has been replaced by the Risk Management Framework (RMF) for DoD Information Technology.
The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the Department of Defense (DoD) process to ensure that risk management is applied to information systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the Information Assurance (IA) posture throughout the system’s life cycle. The DIACAP is a mechanism for negotiating IA requirements and capabilities between DoD IS and their supporting enclaves. The DIACAP process is documented in DoD Instruction 8510.01, “DoD Information Assurance Certification and Accreditation Process (DIACAP),” 28 Nov 07.
DIACAP contains the DoD processes for identifying, implementing, validating, certifying, and managing IA measures and services, expressed as Information Assurance Controls (IACs), and authorizing the operation of DoD ISs in accordance with statutory, Federal and DoD requirements. The DIACAP is a comprehensive C&A process that supports and complements the Global Information Grid (GIG).
The DIACAP is a five (5) phase process:
- Initiate and Plan Information Assurance certification and accreditation (C&A)
- Implement and Validate Assigned Information Assurance Controls
- Make Certification Determination & Accreditation Decision
- Maintain Authority to Operate and Conduct Reviews
AcqLinks and References:
- DoD Instruction 8500.01 Cybersecurity – 14 Mar 2014
- DoDI 8510.01 “Risk Management Framework for DoD Information Technology” – 24 May 2016
- CJCSI 6212.01F “Net Ready Key Performance Parameter (NR KPP)” – 12 Mar 12
- White Paper: DIACAP Background
- Handbook: NAVY DoD Information Assurance Certification and Accreditation Process Handbook