DITSCAP Phases

written by: Carl Wilson; article published: year 2007, month 03;


  


DITSCAP was developed for evaluating and accrediting Department of Defense systems, and it also includes four phases. It was developed and is published by the Defense Information Systems Agency (DISA), and it applies to the acquisition, operation, and ongoing support of any Department of Defense system that collects, stores, transmits, or processes unclassified or classified information. It is mandatory for use by all defense agencies.

The DITSCAP guidance is described in a document known as DoDI 5200.40 and is available at www.dtic.mil/whs/directives/corres/pdf/i520040_123097/i520040p.pdf.

The four DITSCAP phases are the same as the NIACAP phases and are known as:

1. Definition

2. Verification

3. Validation

4. Post Accreditation

The major areas of analysis for the DITSCAP methodology, as described in Phase II, are:

1. System Architecture Analysis

2. Software Design Analysis

3. Network Connection Rule Compliance

4. Integrity Analysis of Integrated Products

5. Life Cycle Management Analysis

6. Security Requirements Validation Procedures

7. Vulnerability Evaluation

DITSCAP uses an infrastructure-centric approach and stresses that DoD systems are network-centric and interconnected. There are numerous DoD policies, referred to as directives, that the DITSCAP must also adhere to. All the directives are named with numbers and begin with the numbers 5200. One of the most important DoD directives with which DITSCAP must be in compliance is DoDD 5200.28. The subject of 5200.28 is Security Requirements for Automated Information Systems (AIS). 5200.28 is available at http://csrc.nist.gov/fasp/FASPDocs/authorize-process/d520028p.pdf. It is a 32-page document that names numerous other directives that must be complied with while adhering to the DITSCAP process. Relatively speaking, 5200.28 is an old document, released in 1988. However, it is still in effect today, and many concepts related to information security have not changed over time, which is why this policy is still relevant.
