Transforming IA Certification and Accreditation across the National Security Community

Abstract

The Information Assurance Certification and Accreditation (IA C&A) transformation is a partnership that stretches across the Department of Defense (DoD), Director of National Intelligence (DNI), Committee on National Security Systems (CNSS), National Institute of Science and Technology (NIST), and the Office of Management and Budget (OMB). Much progress has been made since the DoD and DNI Chief Information Officers (CIOs) published an initial set of transformation goals in January 2007; however, much work remains. While core transformational documents are being authored through the CNSS and NIST, many of their underlying transformational concepts are being implemented in the DoD through the new DoD Information Assurance Certification and Accreditation Process (DIACAP), and in the intelligence community through the near-final Intelligence Community Directive 503.

In January 2007, the DoD and DNI CIOs published seven goals for transforming C&A processes across the DoD and the IC. The following are the original seven goals along with some implementation details:

  • (1) Define a common set of impact levels and adopt and apply them across the DoD and IC.
  • (2) Adopt reciprocity as the norm, enabling organizations to accept the approvals of others without retesting or reviewing.
  • (3) Define, document, and adopt common security controls, using NIST SP 800-53 as a baseline.
  • (4) Adopt a common lexicon, using CNSSI 4009 as a baseline, thereby giving both the DoD and IC a common language and common understanding.
  • (5) Institute a senior risk executive function, which bases decisions on an enterprise view of risk that considers all factors, including mission, IT, budget, and security.
  • (6) Incorporate IA into enterprise architectures and deliver IA as common enterprise services across the DoD and IC.
  • (7) Enable a common, adaptable process that incorporates security within the life-cycle processes and eliminates security-specific processes.

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2008
Accession Number
ADA486987

Entities

People

  • Eustace D. King

Organizations

  • Assistant Secretary of Defense for Networks and Information Integration

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Communities
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Information Assurance
  • Information Exchange
  • Information Operations
  • Information Security
  • Information Systems
  • Intelligence Community
  • Intelligence Community (United States)
  • National Security
  • Performance Tests
  • Security
  • Software Development
  • United States
  • United States Government

Readers

  • Cybersecurity
  • Defense Acquisition Program Management
  • Geospatial Intelligence and Artificial Intelligence Analytics