Department of Defense Information Assurance Certification and Accreditation Process, or DIACAP,is the most up-to-date U.S. Department of Defense (DoD) process to ensure that risk management is applied on Information Systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks, and management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the Information Assurance (IA) posture throughout the system's lifecycle.

While the process outlined in DIACAP is necessary both for compliance sake and for establishing a secure environment, constant changes to the network can cause defenses to become misaligned with policies. Thus, it can be difficult to maintain security Certification and Accreditation (C&A) over time.

Network Assurance in C&A Programs: an Indispensable Component of Your IA Strategy

Lumeta’s flagship Network Assurance product, IPsonar®, provides global network visibility which is integral to each of the phases of a federal C&A program. The solution helps agencies address C&A program planning, lifecycle implementation, and, later, audit of compliance and continuous risk assessment. Using IPsonar, organizations can understand their network connections and the resulting risks in order to prioritize and remedy issues. As a result, they can ensure and provide ongoing proof of the confidentiality, integrity, and availability of their systems.

• Initiate and plan: agree on the intended system mission, environment, architecture, security requirements, schedule, effort, and resources required
  Use IPsonar to enable global network visibility. Create a network connectivity baseline and understand all deviations in order to verify that certification plans will work as intended and ensure network continuity.
• Implement and validate: produce a fully integrated system, ready for certification testing
  Perform a network connection rule compliance analysis to evaluate the impact of intended connections across the network and between networks. Network Assurance enables you to understand connectivity and pinpoint areas of vulnerability or unwanted connectivity that might indicate weaknesses in host- or device-based defenses.
• Make C&A decisions: produce evidence to support the designated approving authority (DAA) in making an informed decision to grant approval to operate the system
  Understand, objectively, the evolving operational reality and prioritize risks, enabling executives to quickly assign remediation tasks and, upon rescanning the network, validate implementation.
• Maintain IA and hold reviews: ensure secure system management, operation, and maintenance to preserve an acceptable level of residual risk
  Enable the DAA to conduct regular scans to review the operational state of the network and compare it against security guidelines.