DIACAP and DIARMF Certification and Accreditation

Coalfire can assess your information system to Department of Defense (DoD) Certification and Accreditation Process (DIACAP) standards in pursuit of a DoD Agency ATO. The DoD has agreed to align C&A process to NIST 800-53 rev3 guidance and a Risk Management Framework (RMF) approach, but control selection will still be governed by DoD protocol.

DIACAP/DIARMF – the Certification and Accreditation (C&A) process for DoD information systems has matured over the past couple years to an RMF approach. Using NIST 800-53 guidance and a matrix formula to determine control selection for DoD systems based on Mission Assurance Category (MAC 1, 2 or 3) level and the Confidentiality Level (Public, Sensitive or Classifed) of the system. Coalfire can assess the controls selected for the system in accordance with the Agency and the RMF process, detail any remediation items and move forward to the certification and accreditation (C&A) recommendation of the system to the DoD agency.

DIACAP / DIARMF follow Risk Management Framework as defined by NIST Special Publications 800-37, 800-53 and FIPS 199 / 200.


The DIACAP / DIARMF process:

  • Initiate and Plan - initiate the system, assign IA controls, initiate IA implementation plan
  • Implement and Validate - Execute the IA plan, conduct validation testing, review results
  • Make C&A Decisions - Review risks, issue certification and decide on accreditation
  • Maintain ATO/Reviews - initiate and update lifecycle implementation plan, maintain the IA posture and situational awareness

Work with Coalfire and leverage our experience as the number 1 assessor of federal cloud environments.