0
Does DIACAP state that the information assurance posture of a organization will be reviewed every two years?
Wiki User
∙ 12y ago
DoDI 8510.2 and DoDI 8500.2 require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
Wiki User
∙ 12y ago
Add your answer:
Earn +20 pts
Who ensures that an acceptable security posture is maintained for the information system or organization?
Information Assurance Officer
Does an IA posture of an organization have to be reviewed every two years?
According to DoD regulations, the IA posture of any DoD organization must be reviewed at least annually. FISMA requires that the IA posture of all US government organizations be reviewed at least annually. Many other nations have adopted similar requirements for organizations that they regulate. It should be noted however that the IA postures of paticularly sensitive and/or critical systems need to be reviewed more frequently - perhaps twice a year or even more often depending on the system.
The dod instuction which covers diacap states that the ia posture of an organization?
The relevant DoD Instruction is DoDI 8500.2, which states that the IA posture must be reviewed at least once a year.
What covers DIACAP states that the IA posture of an organization will be reviewed every two years?
DIACAP (DoD 8510.01) requires organizations to abide by DoDI 8500.2. Paragraph 4.9 of 8500.2 states:4.9. All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing.Note that it is the IA posture of the SYSTEM that is reviewed rather than the organization and that the review is EVERY YEAR, not just every 2 years.
Does DIACAP state that the IA posture of an organization will be reviewed every two years?
DoDI 8510.2 and DoDI 8500.2 require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
The dod instruction which covers diacap states that the ia posture of an organization will be reviewed every two?
No - DIACAP required that the posture be at least partially reviewed every year (for the Annual Security Review - aka ASR) except for very sensitive systems that must be reviewed more often - usually every six months. A comprehensive review is required every 3 years under DIACAP.
The dod instuction which covers diacap states that the ia posture of an organization will be reviewed every two years?
FalseThe relevant DoD Instruction is DoDI 8500.2, but it should be noted that the IA posture must be reviewed at least once a year, not just every two years.DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed at least once a year.Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
The dod instruction which covers diacap states that the ia posture of an organization will be reviewed every two years?
There is NO DoD instruction that states that IA posture gets reviewed every two years; the relevant DoD Instruction is DoDI 8500.2, but it states that the IA posture must be reviewed at least once a year, not just every two years.DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed at least once a year.Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
Ia posture will be reviewed every 2 years?
This answer is per DIACAP (Defense Information Assurance Certifications and Accreditation Program - DODI 8510), as the defacto standard in the field of information assurance; historically the process was over a three year period. However, after due diligence and oversight, it was discovered that many IA Managers and supporting IT personnel were essentially waiting until the last 6 to 12 months (of the 3 year cycle) before full IA reviews were conducted. Currently, in the IT/IA community, the IA posture is considered a dynamically changing process;as changes in the enterprise occur the IA Posture is updated, reviewed and documented, providing a living and current IA life cycle. This process ensures effective management in preventing and/or mitigating the day to day risks and threats of an IT environment as they can occur and immediately record/document the change.
IA posture of an organization will be reviewed every two years?
For US DoD systems: under DIACAP, the IA posture of an organization should be reviewed at least annually. All systems must undergo a complete review at least every 3 years but should also undergo at least a partial review every year (annual security review). More sensitive and more critical systems may be required to undergo review more often - some as often as every 6 months. NIST recommends pretty much the same.
DIACAP requires you to review your IA posture?
Yes - DIACAP requires you to review your IA posture. DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
What are the responsibilities of the IASO?
IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including:IA training and certificationIA situation and awareness briefingInformation Assurance Workforce Improvement ProgramInformation Assurance Training and Certification Best Business Practice (BBP)The IASO is also responsible to responsible to the IAM for ensuring that the appropriate operational IA posture is maintained for a DoD information system or organization.
