Defense Information Assurance Certifications and Accreditation Process (DIACAP)
From Govit
The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process for ensuring that risk management is applied to information systems from an enterprise view. DIACAP is a DoD-wide standard set of activities, tasks and processes for the certification and accreditation of a DoD information system, intended to maintain the information assurance (IA) posture throughout the system's life cycle.
The DIACAP includes the following phases and activities:
DIACAP Phase 1 – Initiate and Plan
• Register System
• Assign IA controls
• Assemble DIACAP Team
• Develop DIACAP Strategy
• Initiate IA Implementation Plan
DIACAP Phase 2 – Implement and Validate
• Execute and Update IA Implementation Plan
• Conduct Validation Activities
• Compile Validation Results – DIACAP Scorecard
DIACAP Phase 3 – Make C&A Decisions
• Analyze Residual Risk
• Issue Certification Determination
• Make Accreditation Decision
DIACAP Phase 4 – Maintain ATO/Reviews
• Initiate and Update Lifecycle Implementation Plan for IA Controls
• Maintain Situational Awareness
• Maintain IA Posture
DIACAP Phase 5 – Decommission
• Conduct activities related to the disposition of the DIACAP registration information and system-related data or objects in GIG supporting IA infrastructure and core enterprise services

