The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a process that provides the certification and accreditation (CA) of information systems used within the US Department of Defense (DoD).
It is a systematic process that ensures only accredited information system tools and technologies are used within the DoD's IT infrastructure.
DIACAP was created in 2007 as a means to authorize information systems to operate within the DoD IT environment. DIACAP depends on the implementation of several security and governance policies and directives, such as:
- Federal Information Security Management Act (FISMA)
- Global Information Grid (GIG) Overarching Policy (DoDD 8100.1)
- Information Assurance (DoDD 8500.01E)
- Information Assurance Implementation (DoDI 8500.2)
DIACAP requires an information system to be accredited across the network, i.e., the certification and accreditation process is not just system-based, but also ensures that the information system maintains security when interacting and communicating over the Global Information Grid. Once a system has been accredited as secure under DIACAP, its information security and assurance capabilities must be maintained through a formal system lifecycle.