Effectiveness of the Department of Defense Information Assurance Accreditation Process

Abstract

For many years, the Department of Defense (DoD) has used very formalized processes for authorizing the operation of its information systems. This authorization process, known as accreditation within the DoD, has always been based on certification testing of those systems and an assessment of the risks associated with operating those systems on the DoD's Global Information Grid (GIG). Despite using these various costly and process-intensive methods for certification and accreditation (C&A), it is questionable whether or not these processes have actually improved the security of DoD systems and networks commensurate with the cost and effort involved. Further, given current advances in systems security technologies, recent changes in DoD's strategy for operating in cyberspace, and even the very structure of the DoD's enterprise networks in the near future, should (or even can) the DoD continue to test and authorize information systems using these same methodologies? This paper addresses this question and proposes other ways the DoD can more effectively assess its systems and networks to better ensure their security over time.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2013
Accession Number
ADA590269

Entities

People

  • Joseph L. Valladares

Organizations

  • United States Army War College

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Network Security
  • Computing Devices
  • Cyberspace
  • Department Of State
  • Governments
  • Information Assurance
  • Information Systems
  • National Governments
  • National Security
  • Networks
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Systems Engineering
  • United States Government
  • War Colleges

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Defense Acquisition Program Management

Technology Areas

  • Cyber