2, Information Assurance Implementation, in February 2003, continued DITSCAP
as the applicable C&A process.
For example, the ISMS of Korea, the IT baseline protection Manual of Germany, and the DITSCAP
of the United State emphasize the terms of the information security technology; however, these systems are not well equipped to handle the management of information security.
The Department of DITSCAP
calls out for several roles: the Designated Approving Authority, the Certification Authority, and a Certification Agent (or certifier).
Unisys developed the DITSCAP
standard for the DoD in the 1990s under the Defense Enterprise Information Services II (DEIS II) contract.
establishes a standard process that involves a set of activities, general tasks and a management structure to certify and accredit information systems that will maintain the LA and security posture of the Defense Information Infrastructure.
The policy required the independent operational test authorities to assess IA as part of the system evaluation while leveraging to the extent possible other IA testing--such as DITSCAP
security T&E--to reduce duplication.