Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation
Download
Full Document
Full Document
| Format | File Size | Notes |
|---|---|---|
| PDF file | 0.7 MB | Use Adobe Acrobat Reader version 10 or higher for the best experience. |
Summary Only
| Format | File Size | Notes |
|---|---|---|
| PDF file | 0.1 MB | Use Adobe Acrobat Reader version 10 or higher for the best experience. |
Purchase
Purchase Print Copy
| Format | List Price | Price | |
|---|---|---|---|
| Add to Cart | Paperback80 pages | $20.00 | $16.00 20% Web Discount |
The challenges associated with securing U.S. Department of Defense (DoD) information systems have grown as the department's information infrastructure has become more complex and interconnected. At the same time, the potential negative consequences associated with cyber intrusions have become more severe. Are current information assurance (IA) policies and procedures sufficient to address this growing threat, and are they able to address vulnerability issues associated with highly networked information systems? The current IA certification and accreditation (C&A) process focuses on individual, discrete systems or components of larger, aggregated information systems and networks that are colocated or operate on the same platform (such as a Navy ship). An examination of current policy shows that a new approach is needed to effectively extend the IA C&A process to aggregations of information systems and improve the security of DoD information systems. A number of recommendations are put forth to improve current IA policy and to enable the IA C&A of aggregations of DoD information systems that reside on a common platform.
Table of Contents
Chapter One
Background and Objective
Chapter Two
Growing Challenges for the Information Assurance Certification and Accreditation of DoD Information Systems
Chapter Three
Overview of the Current DoD Information Assurance Certification and Accreditation Process
Chapter Four
Aggregation Approach to DoD Information Assurance Certification and Accreditation
Chapter Five
Observations and recommended Changes to DoD and Federal Policy
Appendix A
DIACAP System Identification Profile
Appendix B
Definitions of MAC, CL, and MC
Research conducted by
The research described in this report was sponsored by the United States Navy. The research was conducted in the RAND National Defense Research Institute, a federally funded research and development center sponsored by the Office of the Secretary of Defense, the Joint Staff, the Unified Combatant Commands, the Department of the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community.
This report is part of the RAND Corporation Monograph series. RAND monographs present major research findings that address the challenges facing the public and private sectors. All RAND monographs undergo rigorous peer review to ensure high standards for research quality and objectivity.
Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.