What list of the DIACAP is the most acceptable for team members implementing DIACAP?

Answer 1

At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives.

___

DAA, CA, SIAO, PM, IAM, and IAO (or IASO)

____

From the sections below it would appear the list of individuals responsible for implementing DIACAP would be:

SIAO

DAA (aka PAA)

PM

IAM

IAO (as assigned by the IAM ) - note that the Army calls the IAO the IASO

UR - depending on how you interpret paragraph 5,17.

According to DoDI 8510.01 (DIACAP), paragraph 1.3, the DIACAP instruction:

Establishes or continues the following positions, panels, and working groups to implement the DIACAP: the Senior Information Assurance Officer (SIAO), the Principal Accrediting Authority (PAA), the Defense Information Systems Network (DISN)/Global Information Grid (GIG) Flag Panel, the IA Senior Leadership (IASL), the Defense (previously DISN) IA Security Accreditation Working Group (DSAWG), and the DIACAP Technical Advisory Group (TAG).

From this it can be inferred that individuals responsible for implementing DIACAP include:

the SIAO

the PAA - which can be the DAA

Besides the SIAO and DAA - the sections of DoDI quoted below identify the other team members with responsibility to implement DIACAP:

5.16. The Program Manager (PM) or System Manager (SM) for DoD ISs shall:

5.16.1. Ensure that each assigned DoD IS has a designated IA manager (IAM) with the support, authority, and resources to satisfy the responsibilities established in Reference (d) and this Instruction.

5.16.2. Implement the DIACAP for assigned DoD ISs.

5.16.3. Plan and budget for IA controls implementation, validation, and sustainment throughout the system life cycle, including timely and effective configuration and vulnerability management.

5.16.4. Ensure that information system security engineering is employed to implement or modify the IA component of the system architecture in compliance with the IA component of the GIG Architecture (Reference (c)) and to make maximum use of enterprise IA capabilities and services.

5.16.5. Enforce DAA accreditation decisions for hosted or interconnected DoD ISs.

5.16.6. Develop, track, resolve, and maintain the DIACAP Implementation Plan (DIP) for assigned DoD ISs.

5.16.7. Ensure IT Security POA&M development, tracking, and resolution.

5.16.8. Ensure annual reviews of assigned ISs required by FISMA are conducted.

5.17. The DoD IS URs shall:

5.17.1. Represent the operational interests of the user community in the DIACAP.

5.17.2. Support the IA controls assignment and validation process to ensure user community needs are met.

5.18. The IAMs, in addition to the responsibilities established in Reference (d), shall:

5.18.1. Support the PM or SM in implementing the DIACAP.

5.18.2. Advise and inform the governing DoD Component IA program on DoD ISs C&A status and issues.

5.18.3. Comply with the governing DoD Component IA program information and process requirements.

5.18.4. Provide direction to the IA Officer (IAO) in accordance with Reference (d).

5.18.5. Coordinate with the organization's Security Manager