DIACAP Policy

**Update (2014):  DoD 8500 and 8510 have been updated.  DoD 8500, Information Assurance is now DoDD 8500, CyberSecurity & DoDI 8510, DIACAP is not DoDI 8510, Risk Management Framework for DoD IT.  - here is more on DoD RMF.

This is an overview of the DIACAP's final draft, paraphrased.

The DIACAP includes the same things that the DITSCAP has with two major differerences: netcentric environments and GIG standards. With these two (and MANY other changes) it seems that this evolution of the DITSCAP has to take place. So many major levels of Information Assurance in the DoD and abroad have changed that DITSCAP will have to embrace them to stay relevant.

The DIACAP policies will come from DoD Directive 8500.1/.2.

The DIACAP supports Information Systems transitioning to netcentric environments and GIG Standards by:

1. Ensuring uniformity of approach
2. Managing and disseminating Information Assurance Design, implementation, validation, sustainement and approach
3. Being able to handle differing system
4. facilitating a dynamic environment

Information Assurance will be implemented with Information Assurance Controls as defined by DoDI 8500.2 and maintained through a DoD wide configuration management process that considers the GiG architecture and risk assessments conducted at the DoD component level in accordance with FISMA.

The DIACAP will support the ongoing validation to maintain the Information Assurance posture of an Information System. DoD component IA Programs are the primary method of supporting the DoD Information Assurance Program.

Status of all systems in the DIACAP program will be available to all who have authorized access.