
certification & accreditation


DIACAP vs DoD RMF for IT vs NIST RMF


There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is “DIACAP”? It stands for Department of Defense Information Assurance Certification & Accreditation Process and it is based on the old DoDI 8510.01 and DoD 8500 documents. The process was designed to make absolutely sure federal systems have security on them.

With the constant exponential evolution of information technology, this process has had to change to keep up with the times. DIACAP is being replaced with the DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process is more granular, more detailed and more frequent, and it covers many new technologies that were not covered by DIACAP. DoD RMF for IT is fundamentally based on NIST SP 800-37, Risk Management Framework.

 

 


Risk Management Framework NIST 800 Step 1 Categorization


This is an introduction to Step 1, Categorization, of the NIST SP 800-37 Risk Management Framework process. Categorization consists of three primary steps:
1) Determine the Security Categorization of the information system. This is done by breaking down the primary information types on the system. You can get great guidance on this from FIPS 199 and NIST SP 800-60 (Volume I-II).
2) Create a System Description. This is really the first step to creating a System Security Plan, and it leads to registering the system.
3) Register the system. This means that you need to advertise the system to all the stakeholders of the system in the organization. Organizations usually have a method of doing this with a database that can be seen by upper-level management.

 

 

 


What is Risk Management Framework NIST 800 37


Risk Management is being aware of and taking actions to prepare for probable unfavorable outcomes.

The Risk Management Framework is a process to implement risk management in an organization.

There are six (6) steps to the RMF:
1. Categorize
2. Select
3. Implement
4. Assess
5. Authorize
6. Continuous Monitoring


Information Security Certification and Accreditation (C&A) specialist

22nd Century Staffing Inc. (TSCSI)
Please review the job description below and let me know if this position is of interest to you. If it’s not a good fit for you currently, I’d still appreciate the opportunity to cultivate a working relationship with you. In getting to know you better, and in understanding your short-term and long-term career goals, it will certainly be a mutually beneficial relationship moving forward.
Title: Information Security Certification and Accreditation (C&A) specialist
Location: Raleigh, NC
Duration: 6 Months
Job Description:
The client seeks an Information Security Certification and Accreditation (C&A) specialist to perform C&A evaluations across multiple applications, ensuring continual compliance with federal and agency standards.
Required Skills:
  • Experience with the Information Resource Security Certification and Accreditation (C&A) processes
  • Must be certified in at least one of the following:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Authorization Professional (CAP)
    • Certified Security Analyst (CSA)
    • Certified Information Security Manager (CISM)
  • Experience with assessing business systems for sensitivity and criticality
  • Experience with recommending security requirements, based on generally accepted industry practices
Additional Provisions:
  • Pass both a client-mandated clearance process to include drug screening, criminal history check and credit check.
  • Once candidate’s resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
  • If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.

DIACAP transition to RMF for DoD IT slides


Intro: 

  • DoDI 8510.01, DoD Information Assurance Certification & Accreditation (DIACAP) is being replaced/modified
  • DoD 8510, Risk Management Framework For DoD IT (The RMF)
    • NEW 8500 based on NIST SP 800 series

DIACAP to the RMF Authority

  • Teri M. Takai, Defense CIO (former ASD(NII)), is the authority behind the transition from DIACAP to The RMF
  • “The DON will continue to use the DoDI 8500.2 as the authoritative source for security controls until otherwise specified. However, understanding the changes represented in NIST SP 800-53r3 will be essential as DoD and the DON begin transitioning to this new set of security controls. To support the transition, the DON CIO developed this security control mapping document to demonstrate how existing DoD and IC security controls map to the security controls recommended by the NIST SP 800-53r3 publication.” —DON CIO

Future of DIACAP

  • DIACAP KS “C&A Transformation” pages that introduce some of the coming changes
  • DIACAP has “Risk Management Framework Transformation Initiative” underway
  • Provides information on use of NIST SP 800-53, NIST SP 800-37, CNSS Instruction 1253
  • Introduces changes being made to DoDD 8500.01, DoDI 8500.2, and DoDI 8510.01

http://youtu.be/7BC7tgCBtyo


RMF Knowledge Service (RMFKS)


The DoD CIO gave an overview of the Risk Management Framework (RMF) transition. The Risk Management Framework Knowledge Service (RMFKS) is a central repository for DoD RMF for IT. The site is accessible as long as you have a Common Access Card (CAC) or ECA cert. The link is below, but some of the links on the site are still under construction.


The former site for certification & accreditation / risk management was the DIACAP Knowledge Service (https://diacap.iaportal.navy.mil/).

 
