Monday, January 23, 2012

DIARMF and the fate of DIACAP

This is great news, no more DIACAP!

Goodbye DIACAP, hello DIARMF
http://resources.infosecinstitute.com/goodbye-diacap-hello-diarmf/
by Len Marzigliano

"Every few months, an elite group of DoD security experts, IT managers, and senior leadership gather to chart the future course for how Information Assurance will be conducted within the Defense Department. Very soon, this group will introduce sweeping changes to the Certification and Accreditation process, to the extent that personnel roles, job titles, and even the moniker C&A itself will change, evolving into new nomenclature and a new era for the Information Assurance community of practice within the DoD. After implementation, the use of DIACAP Certification and Accreditation processes will cease and DIARMF Assessment and Authorization will become the ‘new normal’ for information technology professionals and risk managers throughout the Defense Department."


"The shift within DoD from DIACAP C&A to DIARMF A&A is a profound change, and the rise of Continuous Monitoring will double the stakes in terms of cost and effort. Practitioners of the traditionally civilian agency NIST standards will be in high demand because of their knowledge of the SP 800-53 control set and SP 800-53A control validation procedures, whereas DIACAP practitioners are only an upgrade course away from being spooled up on the new controls and processes. It’s impossible to understate how all Information Assurance practitioners must be prepared for the profound and swift changes that lie ahead."
