Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation

The challenge of securing U.S. Department of Defense (DoD) information systems has grown significantly. A new approach to information assurance certification and accreditation (IA C&A) is needed to effectively extend the IA C&A process to aggregations of systems and improve their security. An examination of current policy shows that a number of changes could enable the IA C&A of aggregations of DoD information systems on a common platform.

Paperback

Product Details

ISBN-13: 9780833049483
Publisher: RAND Corporation
Publication date: 05/16/2010
Series: Rand Corporation Monograph
Pages: 80
Product dimensions: 5.90(w) x 8.90(h) x 0.30(d)

Table of Contents

Preface

Figures

Tables

Summary

Acknowledgments

Abbreviations

Chapter 1 Background and Objective

Background

Objective

Organization of This Monograph

Chapter 2 Growing Challenges for the Information Assurance Certification and Accreditation of DoD Information Systems

Software Complexity

Increasing Software Vulnerabilities and Malware Population

Limitations of Automated Software Review Tools

Challenge of Incremental Program Development

Increasing Scrutiny of Programs

System Interdependence and Interconnectedness

Configuration Management and System Administration

Chapter 3 Overview of the Current DoD Information Assurance Certification and Accreditation Process

DIACAP Activities and Scope

Definition of a DoD Information System

DIACAP Validation Activities and Results

Chapter 4 Aggregation Approach to DoD Information Assurance Certification and Accreditation

Degrees of Aggregation

Potential DIACAP Policy Issues

Initiate and Plan Information Assurance Certification and Accreditation

Implement and Validate Information Assurance Controls

Decommission

Potential DIACAP Implementation Difficulties for Aggregate Information Systems

Initiate and Plan Information Assurance Certification and Accreditation

Implement and Validate Information Assurance Controls

Make Certification Determination and Accreditation Decisions

Maintain Authorization to Operate and Conduct Reviews

Balancing Transparency and Reporting Requirements

Information System Information Assurance Pedigree

Chapter 5 Observations and Recommended Changes to DoD and Federal Policy

Policy Recommendations

Implementation Recommendations

A Suggested Partial IA Aggregation Approach

Appendixes

A. DIACAP System Identification Profile

B. Definitions of MAC, CL, and MC

References
