DIACAP Annual Review - PowerPoint PPT Presentation

About This Presentation
Title:

DIACAP Annual Review

Description:

To run, fix and mitigate STIGS against the environment ... COED-1 Scheduled Exercises and Drills - Annual. ... COED-2 Scheduled Exercises and Drills - Semi-Annual. ... – PowerPoint PPT presentation

Slides: 6
Provided by: armytraini
Tags: diacap | annual | coed | review


Transcript and Presenter's Notes

Title: DIACAP Annual Review


1
DIACAP Annual Review
Classification: UNCLASSIFIED
  • Purpose: To meet the new DIACAP requirement of
    performing an Annual Review for ASAT.
  • To test IA controls
  • To run, fix and mitigate STIGs against the
    environment
  • To document the findings in the Annual Review and
    draft those findings in a Memorandum, to be
    signed by an on-site government representative
    (SO) and retained locally.

2
  • Classification: UNCLASSIFIED
  • INFORMATION PAPER

  • NETC-EST-IC
  • 12 October 2007
  • SUBJECT: Security Control Test Requirement for
    Federal Information Security Management Act
    (FISMA) Compliance
  • Purpose. Explain the process for performing and
    recording the FISMA-required Information System
    (IS) Security Control Test.
  • a. The DoDI 8500.2 Information Assurance (IA)
    security control test date must be reported in
    the Army Portfolio Management System (APMS)
    Security Control Test column to meet the FISMA
    requirement (ATISD requirement). The date
    reported in the APMS could be any date that the
    system security controls are tested for any
    reason during the FISMA reporting period. If
    you test the controls as part of the
    certification process, take credit for the test.
    Remember to record the date that the controls were
    tested for any reason. If you have already
    tested the controls, you do not need to do another
    test just for this requirement.
  • b. When you test Security Controls to fulfill the
    FISMA annual requirement, remember that most
    control testing is based on procedural review and
    that you only need to test the following
    controls:
  • Mr. Bill Janosky/703-602-7372
    / Approved by: Leroy Lundgren

3
Classification: UNCLASSIFIED
4
Classification: UNCLASSIFIED
The only time that you are required to have an ACA validate and
test your IA Controls is when your IS is due an
accreditation. The annual FISMA requirements of
validating your Contingency Test Date, Security
Control Test Date and Security Review Date are
where the System Administrator and key personnel
for the IS validate the contingency plan so that
everyone understands what will be done in the
event of a hurricane or loss of main power,
etc. The same goes for testing IA
Controls and reviewing the controls on an annual
basis. You are only required to test certain IA
Controls on an annual basis, per the info paper
that addresses those IA controls that must be
tested annually. Once you have validated
everything, you document it in a memorandum,
have the lead government program/project manager
sign the documentation, and file it for your records
in the event that you get audited.
5
ASAT DIACAP POC
  • Robert Peterson-Fikes
  • General Dynamics Information Technology
  • Bldg 3308, Wilson Ave
  • Fort Eustis, Virginia 23604-5166
  • Robert.petersonfikes_at_us.army.mil