At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives.
___
DAA, CA, SIAO, PM, IAM, and IAO (or IASO)
____
From the sections below it would appear the list of individuals responsible for implementing DIACAP would be:
SIAO
DAA (aka PAA)
PM
IAM
IAO (as assigned by the IAM ) - note that the Army calls the IAO the IASO
UR - depending on how you interpret paragraph 5,17.
According to DoDI 8510.01 (DIACAP), paragraph 1.3, the DIACAP instruction:
Establishes or continues the following positions, panels, and working groups to implement the DIACAP: the Senior Information Assurance Officer (SIAO), the Principal Accrediting Authority (PAA), the Defense Information Systems Network (DISN)/Global Information Grid (GIG) Flag Panel, the IA Senior Leadership (IASL), the Defense (previously DISN) IA Security Accreditation Working Group (DSAWG), and the DIACAP Technical Advisory Group (TAG).
From this it can be inferred that individuals responsible for implementing DIACAP include:
the SIAO
the PAA - which can be the DAA
Besides the SIAO and DAA - the sections of DoDI quoted below identify the other team members with responsibility to implement DIACAP:
5.16. The Program Manager (PM) or System Manager (SM) for DoD ISs shall:
5.16.1. Ensure that each assigned DoD IS has a designated IA manager (IAM) with the support, authority, and resources to satisfy the responsibilities established in Reference (d) and this Instruction.
5.16.2. Implement the DIACAP for assigned DoD ISs.
5.16.3. Plan and budget for IA controls implementation, validation, and sustainment throughout the system life cycle, including timely and effective configuration and vulnerability management.
5.16.4. Ensure that information system security engineering is employed to implement or modify the IA component of the system architecture in compliance with the IA component of the GIG Architecture (Reference (c)) and to make maximum use of enterprise IA capabilities and services.
5.16.5. Enforce DAA accreditation decisions for hosted or interconnected DoD ISs.
5.16.6. Develop, track, resolve, and maintain the DIACAP Implementation Plan (DIP) for assigned DoD ISs.
5.16.7. Ensure IT Security POA&M development, tracking, and resolution.
5.16.8. Ensure annual reviews of assigned ISs required by FISMA are conducted.
5.17. The DoD IS URs shall:
5.17.1. Represent the operational interests of the user community in the DIACAP.
5.17.2. Support the IA controls assignment and validation process to ensure user community needs are met.
5.18. The IAMs, in addition to the responsibilities established in Reference (d), shall:
5.18.1. Support the PM or SM in implementing the DIACAP.
5.18.2. Advise and inform the governing DoD Component IA program on DoD ISs C&A status and issues.
5.18.3. Comply with the governing DoD Component IA program information and process requirements.
5.18.4. Provide direction to the IA Officer (IAO) in accordance with Reference (d).
5.18.5. Coordinate with the organization's Security Manager
DAA, CA, SIAO, PM, IAM, and IAO (or IASO)
DAA, CA, SIAO, PM, IAM, and IAO (or IASO)www.lunarline.com - best in the biz
According to DoDI 8510.01, Enclosure 2: E2.25. DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives.
This question is now outdated since the DoD has moved to RMF as their accreditation mechanism. Under RMF the team members should include the AO (authorizing official), CA (certification authority), system owner, and user representative.
The short answer is - YES. Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR. Note that BOTH the IAM and IAO are listed. The acronym IASO is synonymous with IAO.
Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR. Note that BOTH the IAM and IAO are listed. The acronym IASO is synonymous with IAO. The IAM may delegate the actual work to the IAO/IASO but still has ultimate responsibility to see that the work gets done. They do not have sole responsibility however - the other listed team members also share the responsibility.
list the majoir barrier of decentralazition
A "white list" is a list of acceptable entities. In computer network protection it is a list of acceptable connections - all others are blocked. This is in contrast to a "black list" which is a list of connections that are prohibited - with all others allowed.
All information should be acceptable for a family tree. However, if you are going to publish your family tree, it would not be advisable to list any information on living members.
list the major barriers you see to implementing decentralization in scenario A.
Information Card
Information Card