ABSTRACT
The Department of Defense Information Assurance
Certification and Accreditation Process (DIACAP)[1] is the
new process for the certification of all information systems.
DIACAP includes 157 IA controls, grouped into eight
categories. The level of controls required for a specific
system depends on two factors: its mission assurance cate-
gory (MAC) and its confidentiality level (CL).