Information Assurance in the Air Force is probably the most comprehensive of any branch of the US Armed Services. Air Force Instructions (AFI) 33-210, Air Force Certification & Accreditation (C&A) Program (AFCAP) is the USAF framework for implementing DIACAP. This includes all information Assurance of the Air Force and has started to incorporated NIST risk management.
The Air Force expects Information Assurance Managers (aka Information System Security Managers) and Information Assurance Officers (aka Information System Security Officers) to maintain situation awareness restore IA posture and conduct internal Information Assurance assessments testing information assurance controls when necessary.
AFI 33-2xx Information Assurance Air Force
The AFI’s are the manuals that cover all rules and regulations of the Air Force. The AFI 33-xxx series covered all Information Technology rules (I use past tense because the Air Force may change this any day now.. they change everything all the time). AFI 33-2xx covered Information Assurance, Information Security, and anything dealing with security practices on IT.
AFI 33-210, AFCAP references DoD 8570.01-M and eventually DoD 8140 to describe the certification and skill sets necessary for security practitioners conducting Information Assurance in the Air Force. AFI 33-2xx are based on:
- DoDI 8500.02, Information Assurance (IA) Implementation
- NIST SP 800-53 Revision 3, Recommended Security Controls for Federal
- DoDD 8500.01E, Information Assurance, 24 October 2002
- DoDI 8500.2, Information Assurance (IA) Implementation, 6 February 2003
- DoD 8570.01-M, Information Assurance Workforce Improvement Program, 19 December 2005
For more info: http://www.e-publishing.af.mil/