DIACAP/DIARMF – the Certification and Accreditation (C&A) process for DoD information systems has matured over the past couple of years to an RMF approach. It uses NIST 800-53 guidance and a matrix formula to determine control selection for DoD systems based on the Mission Assurance Category (MAC 1, 2 or 3) level and the Confidentiality Level (Public, Sensitive or Classified) of the system. Coalfire can assess the controls selected for the system in accordance with the Agency and the RMF process, detail any remediation items and move forward to the certification and accreditation (C&A) recommendation of the system to the DoD agency.
DIACAP / DIARMF follow the Risk Management Framework as defined by NIST Special Publications 800-37, 800-53 and FIPS 199 / 200.
The DIACAP / DIARMF process:
Initiate and Plan - Initiate the system, assign IA controls, initiate IA implementation plan
Implement and Validate - Execute the IA plan, conduct validation testing, review results
Make C&A Decisions - Review risks, issue certification and decide on accreditation
Maintain ATO/Reviews - Initiate and update lifecycle implementation plan, maintain the IA posture and situational awareness
Work with Coalfire and leverage our experience as the number 1 assessor of federal cloud environments.