We need better C&A processes

I would like to generate some discussion on the certification and accreditation processes the government uses. I am particularly interested in the Defense Department Information Assurance Certification and Accreditation Process (DIACAP) guidance, which seems to me to be the bargain basement approach to certification and accreditation. Used alone, DIACAP only provides an agency with the process to achieve certification, while not addressing the ongoing analysis of new threats and vulnerabilities. In fact, most processes except the one the National Institute of Standards and Technology has provided are poorly written when it comes to risk assessment.

Anonymous
SAIC

Featured

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

Stay Connected