Preface | p. iii |
Figures | p. vii |
Tables | p. ix |
Summary | p. xi |
Acknowledgments | p. xvii |
Abbreviations | p. xix |
Background and Objective | p. 1 |
Background | p. 1 |
Objective | p. 4 |
Organization of This Monograph | p. 5 |
Growing Challenges for the Information Assurance Certification and Accreditation of DoD Information Systems | p. 7 |
Software Complexity | p. 7 |
Increasing Software Vulnerabilities and Malware Population | p. 9 |
Limitations of Automated Software Review Tools | p. 11 |
Challenge of Incremental Program Development | p. 11 |
Increasing Scrutiny of Programs | p. 12 |
System Interdependence and Interconnectedness | p. 12 |
Configuration Management and System Administration | p. 13 |
Overview of the Current DoD Information Assurance Certification and Accreditation Process | p. 15 |
DIACAP Activities and Scope | p. 15 |
Definition of a DoD Information System | p. 16 |
DIACAP Validation Activities and Results | p. 17 |
Aggregation Approach to DoD Information Assurance Certification and Accreditation | p. 19 |
Degrees of Aggregation | p. 19 |
Potential DIACAP Policy Issues | p. 23 |
Initiate and Plan Information Assurance Certification and Accreditation | p. 23 |
Implement and Validate Information Assurance Controls | p. 24 |
Decommission | p. 27 |
Potential DIACAP Implementation Difficulties for Aggregate Information Systems | p. 28 |
Initiate and Plan Information Assurance Certification and Accreditation | p. 28 |
Implement and Validate Information Assurance Controls | p. 28 |
Make Certification Determination and Accreditation Decisions | p. 29 |
Maintain Authorization to Operate and Conduct Reviews | p. 36 |
Balancing Transparency and Reporting Requirements | p. 36 |
Information System Information Assurance Pedigree | p. 37 |
Observations and Recommended Changes to DoD and Federal Policy | p. 41 |
Policy Recommendations | p. 42 |
Implementation Recommendations | p. 44 |
A Suggested Partial IA Aggregation Approach | p. 45 |
Appendixes | |
DIACAP System Identification Profile | p. 47 |
Definitions of MAC, CL, and MC | p. 53 |
References | p. 57 |
Table of Contents provided by Ingram. All Rights Reserved. |