Practical DIACAP Implementation. CS526 Research Project by Michael J. Cohen, 4/29/2009.



Slide 2: Agenda
- Research Objectives
- The Global Information Grid
- Introduction to DIACAP
- The Process
- The DIACAP Package
- Findings

Slide 3: Research Objectives
- Assist Boeing with instruction for new Information Assurance Professionals on what DoDI (DIACAP) is and how it is applied.
- Use a sample architecture provided by Boeing to demonstrate the implementation of DIACAP.

Slide 4: Related Research
- Hurkute S., Bele K., Nam S., et al. "Apply DITSCAP to Evaluate a PTC based Secure E-Voting System". Retrieved from votingDITSCAPProject.ppt
- Wilson, B., "Move Over DITSCAP...The DIACAP is Here!". Retrieved from CAPClassPresentation.ppt

Slide 5: The Global Information Grid
"The Global Information Grid (GIG) consists of information capabilities – information, information technology (IT), and associated people and processes that support Department of Defense (DoD) personnel and organizations in accomplishing their tasks and missions – that enable the access to, exchange, and use of information and services throughout the Department and with non-DoD mission partners. The principal function of the GIG is to support and enable DoD missions, functions, and operations. Therefore, the way that DoD warfighters, business and intelligence personnel operate must drive the way the GIG is designed, developed, acquired, implemented, and operated."
- The DoD Global Information Grid Architectural Vision (2007)

Slide 6

Slide 7: DoD Global Information Grid
Examples of DoD systems include:
- Joint Tactical Radio System (JTRS)
- Warfighter Information Network Tactical (WIN-T)
- Intelligence Community System for Information Sharing (ICSIS)
What do these systems have in common?
- They must not be compromised in terms of:
  - Confidentiality
  - Integrity
  - Availability
Information Assurance is an understandable concern.

Slide 8: DIACAP
Department of Defense (DoD) Information Assurance Certification and Accreditation Process. This process ensures that a DoD information system meets the appropriate security policies throughout its entire lifecycle.

Slide 9: Why is a process necessary?
- Defines the steps necessary to implement the security policies.
- Guarantees that security requirements are implemented consistently throughout the system.
- Creates a paper trail.

Slide 10: 3 Components Needed for Implementation
- The DIACAP Process
- DIACAP Knowledge Service
  - Online knowledge base maintained by the DoD that contains the most current information on IA controls.
- Automated C&A Tool that automates workflow
  - DoD recommends eMASS (Enterprise Mission Assurance Support Service)
  - Boeing uses the I-Assure DIACAP Toolset

Slide 11: The DIACAP Process

Slide 12: Tasks for Initiating and Planning IA C&A
- Registering the System
  - System is registered with the DoD
  - Confidentiality level is defined
- Assigning IA Controls
  - Security requirements are defined based on the level of mission criticality (MAC level) and confidentiality
- Assembling the DIACAP Team
- Initiating the Implementation Plan

Slide 13: DIACAP Implementation Team Roles
- Designated Accrediting Authority (DAA)
  - Signs off on Accreditation status
  - Ultimately responsible for the system
- Certifying Authority (CA)
  - Makes the certification recommendation
  - Oversees those performing the evaluation
- Information Assurance Officer (IAO)
  - Ensures that appropriate security is maintained on the system
- Information Assurance Manager (IAM)
  - Coordinates and supports the missions of the other team members
  - Technical Lead

Slide 14: DIACAP Implementation Roles (cont.)
- Program Manager / System Manager (PM/SM)
  - Manages Implementation
- User Rep
  - Represents the user community to ensure that user needs of the system are met

Slide 15: Tasks for Implementing & Validating IA Controls
- Executing the Implementation Plan
- Conduct validation
- Prepare POA&M (if necessary)
- Enter results into DIACAP Scorecard

Slide 16: Tasks for Certification & Accreditation Determination
- The CA makes a certification determination
  - Based on actual results of the implementation and testing of IA controls
- The DAA issues an accreditation decision
  - Based on the CA's recommendation along with the mission and business need.
- DAA's decision can be one of the following:
  - Authorization to Operate (ATO)
  - Interim Authorization to Operate (IATO)
  - Interim Authorization to Test (IATT)
  - Denial of Authorization to Operate (DATO)
- All systems must be reaccredited every 3 years

Slide 17: Tasks for Maintaining Authorization to Operate
- Managed by IAM
- Maintaining situational awareness
- Maintaining security
- Initiate corrective action when necessary
- Conduct annual reviews of IA controls
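The validation, scorecard, POA&M and review tasks on slides 15 through 17 are a bookkeeping loop that is easy to get wrong by hand: a non-compliant control must produce a POA&M entry, a re-validation must replace the old scorecard row rather than sit beside it, and the annual reviews and 3-year reaccreditation fall due from the ATO date. The following is an added example written for this page, not code from the presentation, from Boeing, or from the I-Assure or eMASS tools. The control identifiers (CTRL-01 and so on), the system name, the findings and the 90-day remediation window are constructed placeholders; real IA control names come from the DIACAP Knowledge Service.

```python
"""Constructed DIACAP scorecard / POA&M model (added example, not from the presentation)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from enum import Enum


class Status(Enum):
    """Validation outcome for one IA control, as recorded on the scorecard."""
    COMPLIANT = "C"
    NON_COMPLIANT = "NC"
    NOT_APPLICABLE = "NA"


@dataclass
class ControlResult:
    control_id: str      # placeholder IDs in this example; real names come from the Knowledge Service
    title: str
    status: Status
    finding: str = ""    # validator's note; required when the control is NON_COMPLIANT


@dataclass
class PoamItem:
    control_id: str
    weakness: str
    target_date: date


@dataclass
class Scorecard:
    system_name: str
    results: list = field(default_factory=list)

    def record(self, result: ControlResult) -> None:
        """Enter a validation result; re-validating a control replaces its earlier row."""
        if result.status is Status.NON_COMPLIANT and not result.finding:
            raise ValueError(f"{result.control_id}: a non-compliant result needs a finding")
        self.results = [r for r in self.results if r.control_id != result.control_id]
        self.results.append(result)

    def counts(self) -> dict:
        """Tally of C / NC / NA rows, the summary the CA and DAA read first."""
        tally = {s.value: 0 for s in Status}
        for r in self.results:
            tally[r.status.value] += 1
        return tally

    def poam(self, validation_date: date, remediation_days: int = 90) -> list:
        """A POA&M is only needed when something is non-compliant: one item per NC control.
        The 90-day default is an assumption of this example, not a DIACAP figure."""
        return [
            PoamItem(r.control_id, r.finding, validation_date + timedelta(days=remediation_days))
            for r in self.results
            if r.status is Status.NON_COMPLIANT
        ]


def _add_years(d: date, years: int) -> date:
    """Anniversary of d; 29 Feb rolls back to 28 Feb in non-leap years."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def review_schedule(ato_date: date) -> dict:
    """Annual IA-control reviews while the ATO is held, and the 3-year reaccreditation date."""
    return {
        "annual_reviews": [_add_years(ato_date, 1), _add_years(ato_date, 2)],
        "reaccreditation": _add_years(ato_date, 3),
    }


def build_sample_scorecard() -> Scorecard:
    """Constructed sample: three placeholder controls for a fictitious system."""
    sc = Scorecard("Sample architecture (constructed)")
    sc.record(ControlResult("CTRL-01", "Audit records are generated", Status.COMPLIANT))
    sc.record(ControlResult("CTRL-02", "Unneeded services are disabled", Status.NON_COMPLIANT,
                            "Legacy remote-login service still enabled on the management host"))
    sc.record(ControlResult("CTRL-03", "Wireless access restrictions", Status.NOT_APPLICABLE))
    return sc


if __name__ == "__main__":
    sc = build_sample_scorecard()
    print(sc.counts())
    for item in sc.poam(date(2009, 4, 29)):
        print(item)
    print(review_schedule(date(2009, 4, 29)))
```

Running the module prints the C/NC/NA tally, the single POA&M item generated for CTRL-02 and the review dates that follow from an ATO issued on 29 April 2009. Recording CTRL-02 again as compliant after remediation drops it from the POA&M, which is the behaviour the scorecard needs so that the package reflects the system's current state rather than its history.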

Slide 18: Tasks for Decommissioning
- Make sure there are no negative impacts to other systems
- Update the SIP
- Remove and dispose of POA&M and DIACAP scorecard from all tracking systems
- Retire system according to the appropriate requirements and procedures

Slide 19: DIACAP Package
Generated through the implementation of the DIACAP process. Comprehensive Package Contents:
- System Identification Profile (SIP)
- DIACAP Implementation Plan (DIP)
- DIACAP Scorecard
- IT Security Plan of Action & Milestones (POA&M) (Optional)
- Supporting Certification Documentation

Slide 20: Sample Architecture

Slide 21: System Identification Profile (SIP)

Slide 22: DIACAP Implementation Plan (DIP)

Slide 23: DIACAP Scorecard

Slide 24: DIACAP POA&M

Slide 25: Findings
- The project was not as simple as running the I-Assure tool to generate the deliverables.
- There is not a lot of documentation online regarding DIACAP.

Slide 26: Conclusion
The following was learned from this research project:
- The DIACAP methodology.
- The usage of a third-party tool (I-Assure) in implementing DIACAP.

Slide 27: References
- Cooper, Ronald. Boeing Mentor.
- Department of Defense. (2009). DIACAP Training Module. DoD Information Assurance Support Environment. Retrieved from

Slide 28