Department of Defense Information Technology Security Certification and Accreditation Process, or DITSCAP, establishes a process across the U.S. Department of Defense (DoD) and activities, tasks, and management structure to certify and accredit Information Systems (IS) that will maintain Information Assurance (IA) and security throughout the risk management lifecycle.

While the process outlined in DITSCAP is necessary both for compliance sake and for establishing a secure environment, constant changes to the network can cause defenses to become misaligned with policies. Thus, it can be difficult to maintain security Certification and Accreditation (C&A) over time.

Network Assurance in C&A Programs: an Indispensable Component of Your IA Strategy

Lumeta’s flagship Network Assurance product, IPsonar®, provides global network visibility which is integral to each of the phases of a federal C&A program. The solution helps agencies address C&A program planning, lifecycle implementation, and, later, audit of compliance and continuous risk assessment. Using IPsonar, organizations can understand their network connections and the resulting risks in order to prioritize and remedy issues. As a result, they can ensure and provide ongoing proof of the confidentiality, integrity, and availability of their systems.

• Definition: agree on the intended system mission, environment, architecture, security requirements, schedule, effort, and resources required
  Use IPsonar to enable global network visibility. Create a network connectivity baseline and understand all deviations in order to verify that certification plans will work as intended and ensure network continuity.
• Verification: produce a fully integrated system, ready for certification testing
  Perform a network connection rule compliance analysis to evaluate the impact of intended connections across the network and between networks. Network Assurance enables you to understand connectivity and pinpoint areas of vulnerability or unwanted connectivity that might indicate weaknesses in host- or device-based defenses.
• Validation: produce evidence to support the designated approving authority (DAA) in making an informed decision to grant approval to operate the system
  Understand, objectively, the evolving operational reality and prioritize risks, enabling executives to quickly assign remediation tasks and, upon rescanning the network, validate implementation.
• Post accreditation: ensure secure system management, operation, and maintenance to preserve an acceptable level of residual risk
  Enable the DAA to conduct regular scans to review the operational state of the network and compare it against security guidelines.