      DIACAP Workflow
Related documents: DoD Instruction 8510.01, DoD Instruction 8500.2, IA Policy Chart, NSA WinNT STIG, NSA Server 2003 STIG, and further NSA guides.
DIACAP: The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is the US DoD process for applying risk management to information systems (IS). DIACAP superseded DITSCAP.
The major change from DITSCAP is that DIACAP adopts information assurance (IA) controls, defined in DoDD 8500.1 and DoDI 8500.2, as the primary set of security requirements for all automated information systems (AISs). The IA controls that apply to a given system are selected according to its mission assurance category (MAC) and confidentiality level (CL). DIACAP covers the process by which an information system is certified as compliant with DoD security requirements and accredited for operation by the designated accrediting authority (DAA); it is the standard process under which DoD information systems obtain and maintain their Authority To Operate (ATO). DIACAP has since been replaced by the DoD Risk Management Framework (RMF) with the 2014 reissue of DoDI 8510.01.

The STIG: A Security Technical Implementation Guide (STIG) is a methodology for the standardized secure installation and maintenance of computer software and hardware. The term was coined by the Defense Information Systems Agency (DISA), which publishes the configuration documents in support of the United States Department of Defense (DoD). The guidance includes recommended administrative processes and spans the lifecycle of the device.
A typical case where a STIG is of benefit is the configuration of a desktop computer. Most operating systems ship in a default configuration meant to be usable in a wide range of environments, which leaves them exposed to compromise by malicious actors such as identity thieves and computer crackers (often loosely referred to as hackers). A STIG therefore specifies the settings needed to minimize exposure to network-based attacks and to prevent unauthorized access when an attacker has physical access to the device. A STIG may also describe the processes and lifecycle for maintenance, such as software updates and vulnerability patching.