Refers to the DoD Information Assurance Certification and Accreditation Process, based on DoD Instruction 8510.00. It is an old method, superseded by the DoD Risk Management Framework (RMF) under Department of Defense Instruction (DoDI) 8510 for DoD systems. DIACAP required that information systems undergo the certification and accreditation process every three (3) years, and did not consider risks or changes to the operating landscape in between. The DIACAP process incorporates separation of duties throughout the development, testing and sustainment phases of an information system. Each agency's mission area (MA) and support services (GSS) are also taken into consideration when determining what is necessary to allow a system to operate. Where DIACAP improved over DITSCAP was in treating the risk to the system from unpatched vulnerabilities and malware as an ongoing concern rather than a point-in-time check. The organization's personnel were now required to manage several controls throughout the lifecycle of the system, with the results captured in the Plan of Action and Milestones (POAM).
Applicability: Relevant historically for DoD systems, but mostly outdated; replaced by the DoD Risk Management Framework (DoD RMF), which is based upon the NIST RMF (Special Publication 800-37).

URL: DoD IA Certification and Accreditation Process

Microsoft PowerPoint – DSAWG DIACAP Diagrams (disa.mil)