ABSTRACT

The DoD Information Technology System Certification and Accreditation Process (DITSCAP)/National Information Assurance Certification and Accreditation Process (NIACAP) establishes a standard process, set of activities, general tasks, and management structure to certify and accredit systems that will maintain the Information Assurance and security posture of a system or site. DITSCAP/NIACAP supports the evaluation of mission requirements versus risk requirements. It has several levels of certification, which provide the flexibility to achieve appropriate assurance within schedule and budget limitations. Registration initiates the risk management agreement process among the key players in the certification and accreditation (C&A) process, such as the approving authority, system owners, and certifiers. The Security System Authorization Agreement is the cornerstone of DITSCAP/NIACAP and serves as the tracking document for C&A activities. The program managers’ role is critical because it is intended to represent the interests of the system throughout its life-cycle management. System development and integration activities are those required for the development or integration of the system’s components.