DoDI 8510.01 (DIACAP), is the United States Department of Defense (DoD) Information Assurance Certification and Accreditation Process, a process to ensure that risk management is applied on Information Systems from an enterprise view.  DIACAP is a DoD-wide standard set of activities, tasks and process for the certification and accreditation of a DoD information system that maintains the Information Assurance (IA) posture throughout a system's life cycle.  A key goal of the process is to make certain that risk management considerations are applied to US Defense Department information systems. 

This process ensures that a DoD information system meet the appropriate security policies throughout its entire lifecycle.  Below is a graphical representation of the five step DIACAP activities and phases.  Praetorian Secure can assist with all activities in the DIACAP process we are experts in assiting your organization with DIACAP implementation.  Please contact us at info@praetoriansecure.com or (248) 953-3853.  We are a Service Disable Veteran Owned Small Business (SDVOSB) registered for all contracting opportunities.

DIACAP Wheel:

DIACAP Key Features:

• Dynamic process

• IA posture reviewed not less than annually

• DoD enterprise C&A decision structure

• DIACAP Scorecard -- conveys compliance with assigned IA Controls and the IS C&A decision status

• IA controls may be augmented at the DoD Component level and IS level

• Implements baseline (enterprise) level IA Controls based on the IS Mission Assurance Category (MAC) and Confidentiality Level (CL)

Mission Assurance Category (MAC): Applicable to DoD information systems, the mission assurance category reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the war fighters’ combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity. The Department of Defense has three defined mission assurance categories.

Confidentiality Level (CL): Applicable to DoD information systems, the confidentiality level is primarily used to establish acceptable access factors, such as requirements for individual security clearances or background investigations, access approvals, and need-to-share determinations; interconnection controls and approvals; and acceptable methods by which users may access the system (e.g., intranet, Internet, wireless). The DoDI 8500.2 defines three confidentiality levels: classified, sensitive, and public.