An Analysis of the DoD Certification and Accreditation Process
LeCounte, James A.
Ehlert, James F.
The Department of Defense's (DoD) current strategic vision is to ensure that information superiority is maintained across the full spectrum of operations. Hence, one of the greatest challenges facing this vision is to secure the information infrastructure. Protection of the infrastructure entails the standoff of a myriad of attacks and malicious activity such as denial-of-service, viruses and Trojan horses. A daunting challenge in itself, protection of the infrastructure succeeds only with a strong policy, process, and standard. The current process used to ensure protection is the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). It is currently being revised to the DoD Information Assurance Certification and Accreditation Process (DIACAP). This thesis analyzes current and past applications of the DITSCAP to evaluate successes and failures. Due to the large number of personnel who use the process and the astronomical cost associated with traveling to each of their commands, the method selected to obtain data for analysis was a survey and phone interviews. The survey was web-based and the link was emailed to personnel who use the process. The objective of this thesis is to provide recommendations for improving the process that should be considered in developing the DIACAP.
Showing items related by title, author, creator and subject.
Metric methodology for the creation of environments and processes to certify a component: specifically the Naval Research Laboratory Pump. Rich, Ronald P.; Holmgren, Jonathan S. (Monterey, California. Naval Postgraduate School, 2003-03); A of the NP, but the key requirement for Certification and Accreditation is the creation of a Protection Profile and an understanding of the DITSCAP requirements and process. This thesis creates a Protection Profile for ...
Rasmussen, Craig W.; Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E. (DARPA DISCEX Conference, April 2003, 2003-04-00); Large complex systems need to be analyzed prior to operation so that those depending upon them for the protection of their information have a well defined understanding of the measures that have been taken to achieve ...
Stauffer, Natalie (Monterey, California. Naval Postgraduate School, 2003-06); The certification process can be defined as a comprehensive evaluation of all security features, both technical and nontechnical, of an information system. This process ensures that the system design and implementation ...