Wednesday, July 19, 2006

DIACAP is READY!!

**Update: Its 2014 and a LOT has changed.  For one thing, the DIACAP is now getting phased out and superseded by Risk Management Framework for Department of Defense IT.  The document is still DoDI 8510.01 but the content is MUCH different.  Its based on NIST 800-37, RMF for Fed systems.**

What is scary, is that my blogs are on google above some of the most informative pages about DIACAP. For this reason, the government should have secured blogs and or forum (.mil/.gov only) to allow faster access to this kind of extremely important information. C & A, security engineering and IA officers get information much faster than the Gov't can publish. A security forum or secure blogs would allow some email that we get on the latest news on IA issues to be posted immediately without fear of giving out unauthorized data over the Internet. Just one mans oppinion.

DoD 8510.bb is signed and will supercedes DoDI 5200.40 and DoDI 8510.1-M. The DIACAP Knowledge Service site is up and ready to go:
https://diacap.iaportal.navy.mil. (.gov, .mil only)
More information on the DIACAP - http://www.sdissa.org/downloads/Revised_DIACAP_KS_eMASS_Brief ISSA_10-28-05.ppt


What I don't get is how to get to eMASS.

Unless I have read wrong, the "Enterprise Mission AssuranceSupport System" (eMass) is supposed to be the main feature for automating and streamlining the Certification and Accreditation process. It seems that you have to get some sort of software to get access to eMass. Not sure, I'm researching this while reading up on the new DIACAP documents.
Here is some contact information on how to get on eMass - https://diacap.iaportal.navy.mil/ks/links2/emass.aspx