Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation

by Eric Landree, Daniel Gonzales, Chad J. R. Ohlandt, Carolyn Wong


Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 0.7 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Summary Only

FormatFile SizeNotes
PDF file 0.1 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback80 pages $20.00 $16.00 20% Web Discount

The challenges associated with securing U.S. Department of Defense (DoD) information systems have grown as the department's information infrastructure has become more complex and interconnected. At the same time, the potential negative consequences associated with cyber intrusions have become more severe. Are current information assurance (IA) policies and procedures sufficient to address this growing threat, and are they able to address vulnerability issues associated with highly networked information systems? The current IA certification and accreditation (C&A) process focuses on individual, discrete systems or components of larger, aggregated information systems and networks that are colocated or operate on the same platform (such as a Navy ship). An examination of current policy shows that a new approach is needed to effectively extend the IA C&A process to aggregations of information systems and improve the security of DoD information systems. A number of recommendations are put forth to improve current IA policy and to enable the IA C&A of aggregations of DoD information systems that reside on a common platform.

Table of Contents

  • Chapter One

    Background and Objective

  • Chapter Two

    Growing Challenges for the Information Assurance Certification and Accreditation of DoD Information Systems

  • Chapter Three

    Overview of the Current DoD Information Assurance Certification and Accreditation Process

  • Chapter Four

    Aggregation Approach to DoD Information Assurance Certification and Accreditation

  • Chapter Five

    Observations and recommended Changes to DoD and Federal Policy

  • Appendix A

    DIACAP System Identification Profile

  • Appendix B

    Definitions of MAC, CL, and MC

The research described in this report was sponsored by the United States Navy. The research was conducted in the RAND National Defense Research Institute, a federally funded research and development center sponsored by the Office of the Secretary of Defense, the Joint Staff, the Unified Combatant Commands, the Department of the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community.

This report is part of the RAND Corporation Monograph series. RAND monographs present major research findings that address the challenges facing the public and private sectors. All RAND monographs undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.