Department of Defense
INSTRUCTION
NUMBER 8510.01
November 28, 2007
ASD(NII)/DoD CIO
SUBJECT: DoD Information Assurance Certification and Accreditation Process (DIACAP)
References:
(a) Subchapter III of Chapter 35 of title 44, United States Code, “Federal Information Security Management Act (FISMA) of 2002”
(b) DoD Directive 8500.01E, “Information Assurance (IA),” October 24, 2002
(c) DoD Directive 8100.1, “Global Information Grid (GIG) Overarching Policy,” September 19, 2002
(d) DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003
(e) through (ab), see Enclosure 1
1. PURPOSE
This Instruction:
1.1. Implements References (a), (b), (c), and (d) by establishing the DIACAP for authorizing
the operation of DoD Information Systems (ISs).
1.2. Cancels DoD Instruction (DoDI) 5200.40; DoD 8510.1-M; and ASD(NII)/DoD CIO
memorandum, “Interim Department of Defense (DoD) Information Assurance (IA) Certification
and Accreditation (C&A) Process Guidance” (References (e), (f), and (g)).
1.3. Establishes or continues the following positions, panels, and working groups to
implement the DIACAP: the Senior Information Assurance Officer (SIAO), the Principal
Accrediting Authority (PAA), the Defense Information Systems Network (DISN)/Global
Information Grid (GIG) Flag Panel, the IA Senior Leadership (IASL), the Defense (previously
DISN) IA Security Accreditation Working Group (DSAWG), and the DIACAP Technical
Advisory Group (TAG).
1.4. Establishes a C&A process to manage the implementation of IA capabilities and
services and provide visibility of accreditation decisions regarding the operation of DoD ISs,
including core enterprise services- and Web services-based software systems and applications.