Jim, your organizations IAM, has been contacted by the Program Manager to assist in implementing the DIACAP. Jim is not required to assist the PM in this activity, and should pass this activity off to the IAO?


2 Answers

Frances Bott Profile
Frances Bott answered
The  DoD Information Assurance Certification and Accreditation Process supersedes the DITSCAP. DIACAP is a risk management system applicable to information systems.

• Jim
Since Jim is an Information Assurance Manager within the DIACAP guidelines, he is directly responsible for the security and integrity of the equipment in his care. He is the point of contact for all security based queries regarding his area of responsibility, so as such he should make efforts to assist the program manager as this would enhance the security and risk assessments of his existing information systems.

Within the United States Marine Corps, Information Assurance Managers are responsible for all aspects of their information systems. This would imply that even if Jim is not required to assist the PM in the activity, he will still be involved in it. 

As a serving officer reporting to his commanding officer, it can easily be within his remit to perform the DIACAP implementation. Information Assurance Officers are also responsible for ensuring the security of each piece of information technology system, again extending the remit of the DIACAP implementation.

It may be possible within the chain of command to pass the implementation process back to the Information Assurance Officer (IAO) as the IAM's immediate superior but ultimately the whole process of assurance and protection along with the assessment of risk embedded in the DIACAP procedure would be highly beneficial to Jim since it would mean accreditation of all of his information systems, and could therefore lead to their wider use without any further hassle.

Answer Question