We need better C&A processes

Subscribe Now!

Table of Contents

Business
BPM
CXOs
Columns
Columnists
Defense
E-Government
Elections 2008
Enterprise Architecture
Funding
Homeland Security
Health IT
IPv6
LOB
Management
Procurement
Privacy
Policy
Program Management
State and Local
Security
Technology
Telework
Training and Certification
Workforce

More Topics

Home
Letters to the Editor
Current Issue/Download
Print/Online Archives
Editorial Calendar

Communications for Continuity Operations

Oracle Resource Center

NEW - Data Center Virtualization
NEW - Air Force ELSG Contract Guide
NEW - Security Management
NEW - DOD and Security Guide
Networx Contract Guide
SEWP IV Contract Guide
Priority Report: Virtualization
NEW - CHESS formerly ASCP
New - SATCOM II

More >>

Tech Watch: Ruggedized Computing GWAC Buyers Guide GSA Agency Report Green Solutions Guide Government Leadership Survey Report: Information Sharing DISA IT Strategy & Vision Emergency Preparedness Report Report: Green Computing PEO EIS Guidebook Content Library

Latest News

The most recent management and policy news from FCW.com

Navy details NMCI follow-on plan

OMB gives Networx a boost

Gustav triggers COOP

Spy agencies prepare for administration change

CBP installs RFID readers on border

The latest technology news from GCN.com

Regional communications system takes shape

Glitch tarnishes Chrome browser

Looking to balance Internet scale

Economic indicators for security industry are looking up

Data storage compromise

The latest industry news from WashingtonTechnology.com

Army wants to recruit small businesses for FCS

DOD activity seeks disaster recovery support

CTG to tackle Alaska information security work

Exalt to aid DOD with transition planning

Battelle wins pair of Air Force chem-bio deals

Letters to the Editor:

We need better C&A processes

By Stephanie Kanowitz
Published on August 7, 2007 - 04:01 AM

Comment

Click here to comment on this blog

Newsletters

You might also be interested in these FCW newsletters:

Daily

To learn more, click here.

I would like to generate some discussion on the certification and accreditation processes the government uses. I am particularly interested in the Defense Department Information Assurance Certification and Accreditation Process (DIACAP) guidance, which seems to me to be the bargain basement approach to certification and accreditation. Used alone, DIACAP only provides an agency with the process to achieve certification, while not addressing the ongoing analysis of new threats and vulnerabilities. In fact, most processes except the one the National Institute of Standards and Technology has provided are poorly written when it comes to risk assessment.

Anonymous SAIC

View Comments

There are currently no comments to display.