certification & accreditation
Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months
Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485
E-Mail : email@example.com
Gmail : firstname.lastname@example.org
Title: Information Assurance Lead
Location: Aberdeen, MD
Duration: Full Time
8251 Greensboro Drive, 9th Floor
McLean VA 22102
Office: (877) 715-3865 Ext.328
I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.
There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is "DIACAP"? It stands for Department of Defense Information Assurance Certification & Accreditation Process, and it is based on the old DoDI 8510.01 and DoD 8500 documents. The process was designed to make sure that federal systems have security in place.
With the constant, exponential evolution of information technology, this process has had to change to keep up with the times. DIACAP is being replaced with the DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process is more granular, more detailed and more frequent, and it covers many new technologies that were not covered by DIACAP. DoD RMF for IT is fundamentally based on NIST SP 800-37, Risk Management Framework.
This is an introduction to Step 1, Categorization, of the NIST SP 800-37 Risk Management Framework process. Categorization consists of three primary steps:
1) Determining the Security Categorization of the information system. This is done by breaking down the primary information types on the system. You can get great guidance on this from FIPS 199 and NIST SP 800-60 (Volume I-II).
2) Creating a System Description. This is really the first step in creating a System Security Plan, and it leads to registering the system.
3) Registering the system. This means that you need to advertise the system to all of its stakeholders in the organization. Organizations usually have a method of doing this with a database that can be seen by upper-level management.
Risk Management is being aware of and taking actions to prepare for probable unfavorable outcomes.
The Risk Management Framework is a process to implement risk management in an organization.
There are (6) steps to the RMF:
6. Continuous Monitoring
More on the Risk Management Framework Steps here: