1. What is the difference between DITSCAP and DIACAP?
a. DITSCAP provided guidance on roles, activities and documents for performing C&A, but it did not clearly identify what requirements to use.
b. DIACAP points to DoDD 8500.2, making it clear where to start identifying the IA capabilities that should be included and assessed for a particular C&A effort.
c. One of the biggest complaints about DITSCAP was that it required too much documentation and took too long to perform.
d. DIACAP identifies four spreadsheets that summarize important C&A information.
e. A second complaint about DITSCAP was that it only accommodated individual systems.
3. What is C&A and what are the following Acronyms related to the C&A process: DISN, GIG, PAA, DAA, DISA?
i. Certification: Comprehensive evaluation of the technical and non-technical security features of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. (CNSSI 4009)
j. Accreditation: Formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. (CNSSI 4009)
k. GIG: Global Information Grid
l. DAA: Designated Accrediting Agency
m. DISN: Defense Information Systems Network
n. DISA: Defense Information Agency
o. PAA: Principal Accrediting Authority
4. What is the Defense Industrial Base Sector?
p. The Defense Industrial Base Sector is the worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements. The Defense Industrial Base partnership consists of Department of Defense components, more than 100,000 Defense Industrial Base companies and their subcontractors who perform under contract to the Department of Defense, companies providing incidental materials and services to the Department of Defense, and government-owned/contractor-operated and government-owned/government-operated facilities.
5. Who develops the configuration and validation requirements for IT products and services within the DoD?
6. What is DoD 8570.01?
r. Information Assurance Training, Certification and Workforce Management.
s. This directive requires all DoD personnel and contractors who conduct information assurance functions in assigned duty positions to achieve very specific levels of certification. Types of certification depend on that employee's job. Some parts of the requirement must be met within two years, and all must be met within five years.
t. The directive also has a companion manual that gives guidance on 8570 implementation, entitled DoD 8570.1-M Information Assurance Workforce Improvement Program.
7. Find a copy of the DoDD 8570.1-M revision dated April, 2010. What professional certifications comply with the 8570.01-M specification and...