DIACAP -- DoD Information Assurance Certification and Accreditation Process Training
The DoD instruction number 8510.01 for Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), November 28, 2007, establishes a C&A process to manage the implementation of IA capabilities and services and provide visibility of accreditation decisions regarding the operation of DoD ISs, including core enterprise services- and Web services-based software systems and applications.
DIACAP Instruction 8510.01 attempts to streamline the C&A process. Telos can help you learn how with Xacta IT security training.
Our three-day training course will provide you and your team with the skills needed to recognize and construct a C&A program for new or legacy systems in accordance with the DIACAP Instruction 8510.01. You will also test your knowledge as a validator.
Who Should Attend?
DIACAP applies to all DoD-owned Information Systems (ISs) and DoD-controlled ISs operated by a contractor or other entity on behalf of the Department of Defense that receive, process, store, display, or transmit DoD information, regardless of classification or sensitivity
Key Personnel: Information System Security Officers, System Security Managers, Information Technology Managers, Data Security Specialists, System Administrators, Program Managers, Certification Authorities, Designated Approving Authorities, and Principle Accrediting Authorities.
All information security professionals who:
- Are responsible for performing or maintaining their organization's system/network C&A process
- Have less than one year of active participation in a dedicated C&A effort
- Are Interested in learning how to build the team necessary to conduct a successful, efficient C&A program
- Are with (or without) knowledge of DITSCAP and are migrating to DIACAP
Course Topics and Interactive Learning
Course content includes instruction and practical hands-on exercise labs covering:
- Certification and Accreditation Fundamentals
- System Definition/Accreditation Boundaries
- Threat Identification
- Vulnerabilities & Security Controls
- DIACAP Risk Management Process
- DIACAP Overview
- DIACAP Activity 1: Initiate and Plan IA C&A
- DIACAP Activity 2: Implement and Validate Assigned IA Controls
- DIACAP Activity 3: Make Certification Determination and Accreditation Decision
- DIACAP Activities 4 & 5: Maintain Authorization to Operate and Conduct Reviews and Decommission
- Validate a C&A package
What Will You Learn?
Upon successful completion of the DIACAP Certification & Accreditation training course, each participant will be able to:
- Understand the C&A guidelines presented in the DIACAP
- Describe the process of identifying/defining an accreditation boundary.
- Understand threat, vulnerability and control relationships and how they correlate to risk.
- Understand the DIACAP risk management process - focusing on the following:
- Categorizing information systems into one of the 4 DoD IS types
- Assigning Mission Assurance Categories (MAC) and Confidentiality Levels (CL) to ISs
- Selecting baseline DoDI 8500.2 IA Controls
- Validating baseline DoDI 8500.2 IA Controls
- Walk through each of the DIACAP Activities step-by-step in order to:
- Recognize what tasks are accomplished in each activity
- Understand what the roles and responsibilities for the C&A Team under DIACAP are
- Identify what documentation is generated
- Describe the Contents of a DIACAP Package, with emphasis on the following documentation:
- System Identification Profile (SIP)
- DIACAP Implementation Plan (DIP)
- Plan of Action and Milestones (POA&M)
- DIACAP Scorecard
- Other Relevant Supporting Documentation
- Understand the certification review & recommendation process
- Identify four types of accreditation decisions
- Understand how an accreditation decision is made
- Know how to maintain situational awareness
- Conduct an annual review
- Understand the re-accreditation process
- Decommission the system
- Test your knowledge
Check the training schedule here.