Instruction, "5200.40, dod information technology security certification and accreditation process (ditscap)," December, 1997.
Issuance of DoD Directive 8500.1, Information Assurance, in October 2002, canceled the 5200.28 directive, manual, and standard, although the DoD Instruction 8500.2, Information Assurance Implementation, in February 2003, continued DITSCAP as the applicable C&A process.
For example, the ISMS of Korea, the IT baseline protection Manual of Germany, and the DITSCAP of the United States emphasize the terms of the information security technology; however, these systems are not well equipped to handle the management of information security.
I will discuss the background of how security engineering fell out of systems engineering, and then describe the proper role of the Security Engineer in the systems engineering process so that the DITSCAP process will not affect cost, performance, and schedule just before the desired operational date.
Unisys developed the DITSCAP standard for the DoD in the 1990s under the Defense Enterprise Information Services II (DEIS II) contract.
establishes a standard process that involves a set of activities, general tasks and a management structure to certify and accredit information systems that will maintain the IA and security posture of the Defense Information Infrastructure.
The partners on PlanetGov's D3 team provide an overall scope of capabilities and resources as well as specialized backgrounds tuned to current and emerging MHS requirements, such as web-based applications, identifying/developing/implementing enhanced applications and network security solutions, enterprise support services and training, and meaningful compliance with the DITSCAP and HIPAA requirements.
The MISD also provides assistance during the Defense Department Information Technology Security Certification Process (DITSCAP) and the National Information Assurance Certification and Accreditation Process (NIACAP).
The software simplifies C&A and reduces its costs by guiding users through a step-by-step process to determine risk posture and assess system and network configuration compliance with applicable regulations, standards and industry best practices, in accordance with the DITSCAP, NIACAP, NIST or DCID processes.
DoD implemented IA certification and accreditation in December 1997 with the release of the DoDI 5200.40, DoD Information Technology Security Certification and Accreditation Process (DITSCAP
Xacta's software products empower organizations with a mechanism for assessing and improving information security risk posture in accordance with government and industry standards (DITSCAP, NIACAP, BS ISO/IEC 17799, and BS 7799 Part 2).
Also, the way the picture tells it, interoperability testing is not part of the integrated test model, and it's noteworthy that information assurance certification testing is not on the chart (there are references to DITSCAP certifications on the back of the wall chart; the Defense Information Assurance Certification and Accreditation Program has since replaced the DITSCAP