Intro:
- DoDI 8510.01, DoD Information Assurance Certification & Accreditation (DIACAP) is being replaced/modified
- DoD 8510, Risk Management Framework For DoD IT (The RMF)
- NEW 8500 based on NIST SP 800 series
DIACAP to the RMF Authority
- Teri M. Takai Defense CIO (former ASD(NII)), Is the authority behind the transition from DIACAP to The RMF
- “The DON will continue to use the DoDI 8500.2 as the authoritative source for security controls until otherwise specified. However, understanding the changes represented in NIST SP 800-53r3 will be essential as DoD and the DON begin transitioning to this new set of security controls. To support the transition, the DON CIO developed this security control mapping document to demonstrate how existing DoD and IC security controls map to the security controls recommended by the NIST SP 800-53r3 publication.” —DON CIO
Future of DIACAP
- DIACAP KS “C&A Transformation” pages that introduce some of the coming changes
- DIACAP has “Risk Management Framework Transformation Initiative” underway
- Provides information on use of NIST SP 800-53, NIST SP 800-37, CNSS Instruction 1253
- Introduces changes being made to DoDD 8500.01, DoDI 8500.2, and DoDI 8510.01