According to rumors about the DIACAP, the document is waiting
to be signed.
DoD 8510.bb will be the DIACAP Instruction guide. The DoD 8510.bb, Defense
Information Assurance Certification and Accreditation Process, will replace
the 5200.40, DoD Information Technology Security Certification and Accreditation
Process (DITSCAP), and 8510.1-M, Department of Defense Information Technology
Security Certification and Accreditation Process (DITSCAP) Application
Manual.
The great thing about the upcoming DIACAP is that it will be a web-based
process. The DIACAP Knowledge Service will provide Information Assurance
communities with a portal that acts as a DIACAP Instruction guide and
provides DIACAP training, recent DIACAP developments and DIACAP community
forums.
Another service that will help the DIACAP process is the Enterprise
Mission Assurance Support System (eMASS), which will be a DIACAP automated
tool, a suite of integrated services, for select core IA program management
processes. eMASS will be the ultimate in DIACAP guidelines because it will
guide you through the DIACAP process.
Transition from DITSCAP to DIACAP:
If your system is currently under a DITSCAP ATO, that ATO is good
until expiration.
If you are in the middle of the DITSCAP and have a signed phase
1, you will be able to accredit via DITSCAP - with some minor provisions.
If the system has never been put through the Certification & Accreditation
process, then you will begin with DIACAP.
Under DITSCAP, systems are supposed to implement the IA controls called for
in 8500.2 - based upon your MAC and CL. If you are doing this currently, your
transition will be much easier.
Resources:
C&A Old Enough to buy a drink
8510.1-M, Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) Application Manual
5200.40, DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
DIACAP KS/eMASS Briefing