Wednesday, July 19, 2006

DIACAP is READY!!

**Update: Its 2014 and a LOT has changed.  For one thing, the DIACAP is now getting phased out and superseded by Risk Management Framework for Department of Defense IT.  The document is still DoDI 8510.01 but the content is MUCH different.  Its based on NIST 800-37, RMF for Fed systems.**

What is scary, is that my blogs are on google above some of the most informative pages about DIACAP. For this reason, the government should have secured blogs and or forum (.mil/.gov only) to allow faster access to this kind of extremely important information. C & A, security engineering and IA officers get information much faster than the Gov't can publish. A security forum or secure blogs would allow some email that we get on the latest news on IA issues to be posted immediately without fear of giving out unauthorized data over the Internet. Just one mans oppinion.

DoD 8510.bb is signed and will supercedes DoDI 5200.40 and DoDI 8510.1-M. The DIACAP Knowledge Service site is up and ready to go:
https://diacap.iaportal.navy.mil. (.gov, .mil only)
More information on the DIACAP - http://www.sdissa.org/downloads/Revised_DIACAP_KS_eMASS_Brief ISSA_10-28-05.ppt


What I don't get is how to get to eMASS.

Unless I have read wrong, the "Enterprise Mission AssuranceSupport System" (eMass) is supposed to be the main feature for automating and streamlining the Certification and Accreditation process. It seems that you have to get some sort of software to get access to eMass. Not sure, I'm researching this while reading up on the new DIACAP documents.
Here is some contact information on how to get on eMass - https://diacap.iaportal.navy.mil/ks/links2/emass.aspx

2 Comments:

Blogger Ram said...

Hi. I'm urgently in need of some basic clarifications on DITSCAP/DIACAP and its applicability. Is this required for all systems used by the DoD? How do you define an Information System? I am trying to get some departments within the DoD to use my Virtual Classroom system for their training purposes, hosted on my servers over the internet. I already have a lot of other non-government enterprise clients. Do I have to make my system pass DIACAP in order to do business with the DoD?

Please help me out. If you could drop a mail at ramkum AT gmail DOT com, I would be so grateful!

10:28 AM  
Blogger Anna Liu said...

Very informative information. I'm a recruiter for Northrop Grumman and I'm currently recruiting IA folks for our Baltimore location. Please let me know if you'd be interested. If so, email me at anna.liu at ngc.com.

Regards,
Anna

11:46 AM  

Post a Comment

<< Home