Subj: Department of the Navy Certification and Accreditation Pilot
Ref: (a) DoD Instruction 8500.2, Information Assurance (IA) Implementation, of February 6, 2003
(b) DoD Instruction 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), of November 28, 2007
References (a) and (b) require certification and accreditation (C&A) of information technology (IT) systems within the Department of Defense (DoD). Flexibility within those policies allows the Department of the Navy (DON) to explore process changes that may reduce costs yet maintain a secure environment. The DON plans to investigate these possibilities by piloting a streamlined C&A process. In this pilot, the DON will prepare for transition to the Risk Management Framework, employ security measures focused on mission impact and real threat information, eliminate duplicative and unnecessary efforts, and reduce the overall cost of C&A.
The pilot will employ mission-based approaches to system accreditation. It will investigate alternatives for interim approval timelines and conditions for specialized environments. The pilot will also evaluate prioritized security controls and increased C&A reciprocity between the Navy and Marine Corps. The DON Chief Information Officer and the Service Designated Accrediting Authorities will supervise the pilot to ensure acceptable security is maintained.
My point of contact for this matter is Dan DelGrosso, (703) 695-2900, dan.delgrosso@navy.mil.
Signed by:
Terry A. Halvorsen
http://www.doncio.navy.mil/uploads/0320VDW65467.pdf
Comments (0)