Accession Number:

ADA517244

Title:

Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation

Descriptive Note:

Corporate Author:

RAND NATIONAL DEFENSE RESEARCH INST SANTA MONICA CA

Report Date:

2010-01-01

Pagination or Media Count:

75.0

Abstract:

The challenges associated with securing U.S. Department of Defense (DoD) information systems (ISs) have grown as the department's information infrastructure has become more complex and interconnected. At the same time, the potential negative consequences associated with cyber intrusions have become more severe, as demonstrated by the recently publicized breach of computer networks at defense contractors involved in the development of the F-35 aircraft (Gorman, Cole, and Dreazen, 2009). An important question to consider is whether current information assurance (IA) policies and procedures are sufficient to address this growing threat and well suited to address vulnerability issues associated with highly networked ISs. Presently, all DoD ISs must individually satisfy the certification and accreditation (C&A) requirements outlined in DoD Instruction (DoDI) 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP) (2007), prior to receiving authorization to operate (ATO). As written, the DIACAP is focused on conducting C&A for a single system.

Subject Categories:

  • Information Science
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE