Category Archives: certification & accreditation

DIACAP Compliance Engineer and Information Assurance Lead Jobs (risk management framework)

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: 630-214-9485
E-Mail: pradyut@enterprisesolutioninc.com
Gmail: pradyut10.esi@gmail.com

Title: Information Assurance Lead
Location: Aberdeen, MD
Client: Federal
Duration: Full Time

8251 Greensboro Drive, 9th Floor

McLean VA 22102
yogeshk@etalentnetwork.com

Office: (877) 715-3865 Ext.328

I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.

DIACAP vs DoD RMF for IT vs NIST RMF

There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is “DIACAP”? It stands for Department of Defense Information Assurance Certification & Accreditation Process, and it is based on the old DoDI 8510.01 and DoD 8500 documents. The process was designed to make absolutely sure that federal systems have security controls in place.

With the constant exponential evolution of information technology, this process has had to change to keep up with the times. DIACAP is being replaced with the DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process is more granular and more detailed, requires more frequent assessment, and covers many new technologies that DIACAP did not. DoD RMF for IT is fundamentally based on NIST SP 800-37, Risk Management Framework.

Risk Management Framework NIST 800 Step 1 Categorization

This is an introduction to Step 1, Categorization, of the NIST SP 800-37 Risk Management Framework process. Categorization consists of three primary steps:
1) Determine the security categorization of the information system. This is done by breaking the system down into its primary information types. FIPS 199 and NIST SP 800-60 (Volumes I and II) give great guidance on this.
2) Create a system description. This is really the first step toward a System Security Plan, and it leads to registering the system.
3) Register the system. This means advertising the system to all of its stakeholders in the organization. Organizations usually do this with a database that upper-level management can view.
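To make step 1 concrete, here is an added example (not code from the original post) that applies the FIPS 199 high-water-mark rule to a system's information types and renders the result in FIPS 199 notation; the information types, their impact levels and the system name are constructed samples.

```python
# Added example (not from the original post): deriving a FIPS 199 security
# categorization from the information types a system handles, using the
# high-water mark rule from FIPS 199 / NIST SP 800-60. The information
# types, their impact levels and the system name are constructed samples.
from dataclasses import dataclass

# FIPS 199 impact levels, in rising order so max() gives the high-water mark.
LEVELS = ("LOW", "MODERATE", "HIGH")


@dataclass(frozen=True)
class InfoType:
    name: str             # information type (SP 800-60 Vol. II style)
    confidentiality: str  # provisional impact level for each objective
    integrity: str
    availability: str


def _check(level: str) -> str:
    if level not in LEVELS:
        raise ValueError(f"unknown impact level: {level!r}")
    return level


def high_water(levels) -> str:
    """Highest impact level among those given (the FIPS 199 high-water mark)."""
    return max((_check(lvl) for lvl in levels), key=LEVELS.index)


def categorize(info_types) -> dict:
    """Per-objective impact levels across all information types, plus the
    overall system category (highest of the three objectives)."""
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    conf = high_water(t.confidentiality for t in info_types)
    integ = high_water(t.integrity for t in info_types)
    avail = high_water(t.availability for t in info_types)
    return {"confidentiality": conf, "integrity": integ,
            "availability": avail, "overall": high_water((conf, integ, avail))}


def sc_notation(system: str, info_types) -> str:
    """Render the result in the FIPS 199 'SC system = {...}' notation."""
    c = categorize(info_types)
    return (f"SC {system} = {{(confidentiality, {c['confidentiality']}), "
            f"(integrity, {c['integrity']}), (availability, {c['availability']})}}")


# Constructed sample: an HR system holding two information types.
SAMPLE_TYPES = [
    InfoType("Personnel records", "MODERATE", "MODERATE", "LOW"),
    InfoType("Public web content", "LOW", "MODERATE", "LOW"),
]
if __name__ == "__main__":
    print(sc_notation("Sample HR system", SAMPLE_TYPES))
```

The per-objective result is what feeds the baseline control selection in step 2, so a single HIGH information type raises the whole system's category for that objective.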

What is Risk Management Framework NIST 800 37

Risk management is being aware of probable unfavorable outcomes and taking action to prepare for them.

The Risk Management Framework is a process to implement risk management in an organization.

There are six (6) steps to the RMF:
1. Categorize
2. Select
3. Implement
4. Assess
5. Authorize
6. Continuous Monitoring

Information Security Certification and Accreditation (C&A) specialist

Please review the job description below and let me know if this position is of interest to you. If it’s not a good fit for you currently, I’d still appreciate the opportunity to cultivate a working relationship with you. In getting to know you better, and in understanding your short-term and long-term career goals, it will certainly be a mutually beneficial relationship moving forward.
Title: Information Security Certification and Accreditation (C&A) specialist
Location: Raleigh, NC
Duration: 6 Months
Job Description:
The client seeks an Information Security Certification and Accreditation (C&A) specialist to perform C&A evaluations across multiple applications, ensuring continual compliance with federal and agency standards.
Required Skills:
  • Experience with the Information Resource Security Certification and Accreditation (C&A) processes
  • Must be certified in at least one of the following:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Authorization Professional (CAP)
    • Certified Security Analyst (CSA)
    • Certified Information Security Manager (CISM)
  • Experience with assessing business systems for sensitivity and criticality
  • Experience with recommending security requirements, based on generally accepted industry practices
Additional Provisions:
  • Pass a client-mandated clearance process, including drug screening, criminal history check and credit check.
  • Once the candidate’s resume is approved and the interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
  • If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.

DIACAP transition to RMF for DoD IT slides

Intro:

  • DoDI 8510.01, DoD Information Assurance Certification & Accreditation (DIACAP) is being replaced/modified
  • DoD 8510, Risk Management Framework For DoD IT (The RMF)
    • NEW 8500 based on NIST SP 800 series

DIACAP to the RMF Authority

  • Teri M. Takai, Defense CIO (former ASD(NII)), is the authority behind the transition from DIACAP to the RMF
  • “The DON will continue to use the DoDI 8500.2 as the authoritative source for security controls until otherwise specified. However, understanding the changes represented in NIST SP 800-53r3 will be essential as DoD and the DON begin transitioning to this new set of security controls. To support the transition, the DON CIO developed this security control mapping document to demonstrate how existing DoD and IC security controls map to the security controls recommended by the NIST SP 800-53r3 publication.” —DON CIO

Future of DIACAP

  • DIACAP KS “C&A Transformation” pages that introduce some of the coming changes
  • DIACAP has “Risk Management Framework Transformation Initiative” underway
  • Provides information on use of NIST SP 800-53, NIST SP 800-37, CNSS Instruction 1253
  • Introduces changes being made to DoDD 8500.01, DoDI 8500.2, and DoDI 8510.01

http://youtu.be/7BC7tgCBtyo