Department of Defense Information Technology Security Certification and Accreditation Process


The Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) is a process defined by the United States Department of Defense (DoD) for managing risk. DoDI 5200.40 (DITSCAP) establishes a standard DoD-wide process, set of activities, general tasks, and a management structure to certify and accredit an Automated Information System (AIS) that will maintain the Information Assurance (IA) and security posture of the Defense Information Infrastructure (DII) throughout the life cycle of the system.

Since December 1997, DITSCAP has applied to the acquisition, operation and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information. It identifies four phases (System Definition, Verification, Validation, and Re-Accreditation) and uses weighted metrics to describe risks and their mediation.

The DITSCAP processes have been refined by the publication of the DITSCAP Application Manual. A similar methodology, NIACAP, is used for the certification and accreditation of national security systems outside of the Department of Defense.

DITSCAP is expected to be replaced by the DIACAP methodology in 2006.
