Christopher P. Cabuzzi, CS 591: Defense Information Assurance Certification & Accreditation Process (DIACAP). Chris Cabuzzi, DIACAP, 12/8/10.
PURPOSE
- DoD approach to Information System (IS) risk management at the enterprise level.
- Mandates a baseline of Information Assurance (IA) controls and a Certification & Accreditation (C&A) process to standardize and align DoD ISs.
- Reduces risk to the lowest practical level to maintain the confidentiality, integrity and availability of mission-critical systems.
- Establishes a chain of responsibility from Information Assurance Officers (IAOs) up to the Designated Accrediting Authority (DAA), who is ultimately responsible for accepting the residual risk of operating the IS.

METHODOLOGY / APPROACH
- Assumes every IS carries risk that cannot be completely eliminated; the process is centered on risk management and risk acceptance, not risk elimination.
- The DoD definition of an IS includes the personnel who use and administer the system, not just the hardware and software.
- The IA controls assigned to an IS depend on its Mission Assurance Category (MAC), which drives the integrity and availability requirements, and its Confidentiality Level (CL), which drives the confidentiality requirements.
- Recertification and decommissioning are part of the IS lifecycle, as is re-evaluation of any change to the IS that may affect its security posture.
- The goal is to obtain an Authorization to Operate (ATO) for the IS.

PARTS OF A DIACAP PACKAGE
- System Identification Profile (SIP): the system characteristics needed to register the IS with the governing DoD component.
- DIACAP Implementation Plan (DIP): the assigned IA controls, their implementation status, responsible parties and completion dates.
- Supporting certification documentation: validation results such as system scans, test results and other artifacts used to support the accreditation decision.
- DIACAP Scorecard: the validation results for the baseline IA controls (compliant, non-compliant or not applicable) and the accreditation decision of the DAA.
- Plan of Action and Milestones (POA&M): the corrective actions, resources and dates required to close the remaining non-compliant controls in the DIP and earn full accreditation.

DIACAP PHASES AND ACTIVITIES
- Phase 1: Initiate and Plan IA C&A
- Phase 2: Implement and Validate Assigned IA Controls
- Phase 3: Make Certification Determination and Accreditation Decision
- Phase 4: Maintain ATO and Conduct Reviews
- Phase 5: Decommission

QUESTIONS?