Chapter 3 It Risk Assessment Essay

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense process to ensure that risk management is applied to information systems. DIACAP is a process by which information systems are certified for compliance with DoD security requirements and accredited for operation by a designated official. DIACAP provides visibility and control for the secure operation of DoD information systems.
DIACAP defines a DoD-wide formal and standard set of activities, general tasks, and a management structure process for the certification and accreditation of a DoD IS that maintains the information assurance posture throughout the

Phase 4 – Maintain: Once a C&A decision has been issued, it is important for organizations to maintain their current environment so as not to slip out of compliance with DIACAP.
Phase 5 – Decommission: Upon the end of the system lifecycle, DIACAP and the DoD require that certain activities be conducted during decommissioning of the system.
The DIACAP is important in continually managing the Information Assurance (IA) posture of an organization. It ensures that risk management is applied to information systems within the DoD in order to protect personal privacy, the information environment, and other missions reliant upon shared information, and to establish and/or confirm that IA controls are implemented correctly and effectively within the organization.

The primary goal of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and in understanding and managing the risks associated with IT. COBIT helps bridge the gaps among business requirements, control needs and technical issues. It is a control model intended to meet the needs of IT governance and ensure the integrity of information and information systems. COBIT's mission is to research, develop, publicise and promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals.
COBIT supports IT governance by providing a framework to ensure that:
• IT is aligned with the business
• IT enables the business and maximizes benefits
• IT resources are used responsibly
• IT risks are managed appropriately

The major objective of the Controls area is to discuss, share and learn with other COBIT users, promoting collaboration and the sharing of information, solutions and experience among them.
Plan and Organize: This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives.
Acquire and Implement: In this domain, IT solutions are identified, developed or acquired, and then implemented and integrated into the business process. Changes to and maintenance of existing systems are also covered by this domain, to make sure the solutions continue to meet business objectives.
Monitor and Evaluate: This domain addresses performance management, monitoring of internal control, regulatory compliance and governance.
Delivery and Support: This domain is concerned with the actual delivery of required services, which includes service delivery,...