DITSCAP
The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk. DIACAP replaced the former process, known as DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process), in 2006.
DoD Instruction (DoDI) 8510.01 establishes a standard DoD-wide process with a set of activities, general tasks and a management structure to certify and accredit an Automated Information System (AIS) that will maintain the Information Assurance (IA) posture of the Defense Information Infrastructure (DII) throughout the system's life cycle.
DIACAP applies to the acquisition, operation and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. It identifies four phases:
- System Definition
- Verification
- Validation
- Re-Accreditation
DIACAP also uses weighted metrics to describe risks and their mitigation.
The DIACAP processes was refined by the publication of the DIACAP Application Manual. A similar methodology, NIACAP, is used for the certification and accreditation (C&A) of national security systems outside of the DoD.