DIACAP -- DoD Information Assurance Certification and Accreditation Process Training

The DoD instruction number 8510.01 for Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), November 28, 2007, establishes a C&A process to manage the implementation of IA capabilities and services and provide visibility of accreditation decisions regarding the operation of DoD ISs, including core enterprise services- and Web services-based software systems and applications.

DIACAP Instruction 8510.01 attempts to streamline the C&A process. Telos can help you learn how with Xacta IT security training.

Our three-day training course will provide you and your team with the skills needed to recognize and construct a C&A program for new or legacy systems in accordance with the DIACAP Instruction 8510.01. You will also test your knowledge as a validator.

Who Should Attend?

DIACAP applies to all DoD-owned Information Systems (ISs) and DoD-controlled ISs operated by a contractor or other entity on behalf of the Department of Defense that receive, process, store, display, or transmit DoD information, regardless of classification or sensitivity

Key Personnel: Information System Security Officers, System Security Managers, Information Technology Managers, Data Security Specialists, System Administrators, Program Managers, Certification Authorities, Designated Approving Authorities, and Principle Accrediting Authorities.

All information security professionals who:

Are responsible for performing or maintaining their organization's system/network C&A process
Have less than one year of active participation in a dedicated C&A effort
Are Interested in learning how to build the team necessary to conduct a successful, efficient C&A program
Are with (or without) knowledge of DITSCAP and are migrating to DIACAP

Course Topics and Interactive Learning

Course content includes instruction and practical hands-on exercise labs covering:

Certification and Accreditation Fundamentals
System Definition/Accreditation Boundaries
Threat Identification
Vulnerabilities & Security Controls
DIACAP Risk Management Process
DIACAP Overview
DIACAP Activity 1: Initiate and Plan IA C&A
DIACAP Activity 2: Implement and Validate Assigned IA Controls
DIACAP Activity 3: Make Certification Determination and Accreditation Decision
DIACAP Activities 4 & 5: Maintain Authorization to Operate and Conduct Reviews and Decommission
Validate a C&A package

What Will You Learn?

Upon successful completion of the DIACAP Certification & Accreditation training course, each participant will be able to:

Understand the C&A guidelines presented in the DIACAP
Describe the process of identifying/defining an accreditation boundary.
Understand threat, vulnerability and control relationships and how they correlate to risk.
Understand the DIACAP risk management process - focusing on the following:
- Categorizing information systems into one of the 4 DoD IS types
- Assigning Mission Assurance Categories (MAC) and Confidentiality Levels (CL) to ISs
- Selecting baseline DoDI 8500.2 IA Controls
- Validating baseline DoDI 8500.2 IA Controls
Walk through each of the DIACAP Activities step-by-step in order to:
- Recognize what tasks are accomplished in each activity
- Understand what the roles and responsibilities for the C&A Team under DIACAP are
- Identify what documentation is generated
Describe the Contents of a DIACAP Package, with emphasis on the following documentation:
- System Identification Profile (SIP)
- DIACAP Implementation Plan (DIP)
- Plan of Action and Milestones (POA&M)
- DIACAP Scorecard
- Other Relevant Supporting Documentation
Understand the certification review & recommendation process
- Identify four types of accreditation decisions
- Understand how an accreditation decision is made
Know how to maintain situational awareness
- Conduct an annual review
- Understand the re-accreditation process
- Decommission the system
Test your knowledge
- Validate a C&A package

Check the training schedule here.