Solved

HomeWork-Network Security using C & A and DIACAP

Posted on 2011-03-21
4
601 Views
Last Modified: 2012-05-11
Hello:
I am interested in learning what are the C&A versus DIACAP criterias when evaluating a system? Please refer to question below.

Question:
Assume you are doing the Certification & Accreditation (C&A) on a Department of Defense system. Which “activity” (if any) of the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) do the following tasks fit into? Explain briefly.
a.Risk analysis for possible leaks of Secret data to outsiders (e. g., Wikileaks)
b.Assessment of the security of a crypto-token for system access
c.Physical Security of the installation site
d.Software security testing processes for commercial software
e.Security assessment of software upgrades & patches
0
Comment
Question by:Sundayy
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
It's not an issue of C&A "verses" DIACAP.  DIACAP is one of the many certifications of networthiness which the DoD uses to insure compliance on their networks.  Remember that DoD networks are segmented into two different entities, one for classified information and one for genral communications.  The DIACAP scans on each network look for different issues.  The question doesn't state whether it is secured or non-secured network scan.  My assumption would be non-secure.  If that is the case, it would be B through E because Secret (a Classification) cannot exist on a non-secure network.  If it does, ALL devices on that network must be scrubbed.

If you gave a little more information on what it is you are trying to learn, rather than just asking a test question, I might be able to better explain or clarify.

DrUltima
0
 

Author Comment

by:Sundayy
Comment Utility
Hi:

I'm a Cyber Security Grad student ( Polytechnic Institute of NYU) and I am taking a online class on Information Security Management. The first two questions for this week dealt with the topic of Legal Requirements & Regulatory Compliance.We are to review what are information security laws and ethics.
To see a general view of how laws impact the design of information security.

The next set of questions covers (this one) deals with Assurance, Certification and Accreditation, and the Security Architecture DoD Classified Systems. We are to understand what are the general principles of evaluation and assurance of products with security related functions, and the role of these in system development.

In saying that is there any links which are good reference sites which will provide me with this information's overall ?

Any help you can provide will be appreciated.

Thank You
0
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
Comment Utility
A DIACAP scan checks for STIG compliance.  Remember that if all STIGs are applied, you basically are left with a server good for use as a boat anchor.  Once the DIACAP scan is completed, each site then has to certify each variance (divided into three STIG classes A, B, and C) has a Waiver.  If not it must be mitigated.

DIACAP's official site is http://iase.disa.mil/diacap/

STIG's official site is http://iase.disa.mil/stigs/

DrUltima
0
 

Author Closing Comment

by:Sundayy
Comment Utility
Thank You for the infomation.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Read about achieving the basic levels of HRIS security in the workplace.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now