Stands for Department of Defense Information Technology Security Certification and Accreditation Process. DITSCAP is a predecessor to DIACAP in the government’s cybersecurity evolution and is obsolete as of 2006. It was replaced by the DoD Information Assurance Certification and Accreditation Process (DIACAP), which was followed by DoD RMF 8510, which is based on NIST 800-37.

DITSCAP replaced the ‘Rainbow Series’, a set of instructions on how to secure DoD systems under Trusted Computing Security (TCSEC), more specifically the ‘Red’ and ‘Orange’ books. The Orange Book was used to implement the security, and the Red Book was used to validate the security of the system. DITSCAP and its predecessor implemented and evaluated the security of a system at the beginning of its implementation, and there was no new evaluation until the system was retired or replaced. As a result, missing patches or newly identified vulnerabilities could exist in the system for years, until the administrators or certification body re-assessed the security posture and identified the missing patches so that the system could receive an Authority to Operate (ATO) and be authorized for service for another 3 years.

Applicability: Historically relevant in DoD systems but not actively used.

