DIACAP (DoD Information Assurance Certification and Accreditation Process) and CON


Bunny

#1
I was just asked to look into DIACAP and CON for my company. I have an idea what this is because I found a bit of info when I googled it. Can anyone explain it to me in a nutshell? What types of companies have to comply with this? How long is the certification process? How intense is it? Who performs the certification?
I appreciate any help.
 

George Weiss

#2
Re: DIACAP and CON

I hope some further references on the web will help.
If you have a computer and it will have DOD information on it, then you are looking at having to evaluate the need for sure.

If you handle DOD information on your business computer you are a DIACAP candidate.
Automated software security for your computer will be needed and more.
A good summary is:
Information Assurance Controls:
The theme of the DIACAP revolves around how a program currently implements (or plans to implement) IA controls applicable to that system. IA Controls of a system are determined by the system's Mission Assurance Category (MAC) and classification level (CL). The baseline IA Controls that systems need to meet are found in DoD 8500.2 (Information Assurance Implementation) Enclosure 4.
DoD 8510.01 2008 @
http://vraialliance.com/DIACAP-BRIEF.pdf
The DIACAP process can be plagued with obstacles and roadblocks. It can take anywhere from 6 months to 2 years to complete the entire process. There is a 3 year cycle for re-certification. Info/overview @
http://www.novadatacom.com/whitepapers/DIACAP-Whitepaper.pdf
A good DIACAP overview @
http://www.infectionvectors.com/library/diacap_review-iv.pdf
Department of the Navy DIACAP 2008 handbook
http://www.doncio.navy.mil/Download.aspx?AttachID=627
A global set of information assurance controls based on the Mission Assurance
Category (MAC) of a system and the Confidentiality of the information processed and
stored by the system. DoD 8500.2 provides the controls required for any combination of
MAC and Confidentiality.
http://vraialliance.com/DIACAP-BRIEF.pdf
NIST handbook 150-17 @
http://www.nist.gov/pml/nvlap/upload/NIST_HB_150_17_2008-07-01.pdf
DIACAP brief overview with list of reference documents @
http://www.xlr8-technologies.com/CMS/admin/Assets/lunarline/pdfs/lunarline_diacap_process1.pdf

There is never anything simple about US DoD security.
 