US Department of Defense Information Assurance: Achieving Successful DITSCAP with eZ publish as a Platform
Sunday 19 November 2006 8:23:00 am
The US Department of Defense's Information Technology Security Certification and Accreditation Process (DITSCAP) is the standard Department of Defense (DOD) approach for ensuring that information systems operate at an acceptable level of security risk. The process is the same in all branches of the armed forces and all DOD agencies and applies to all unclassified and classified DOD Information Technology (IT) systems that collect, store, transmit or process information. DITSCAP standardizes and consolidates the activities that lead to the security certification and accreditation of IT systems. Successful certification and accreditation results in an Authority to Operate (ATO) that remains valid for a period of three years.
This article discusses how the Navy organization, the Deputy Assistant Secretary of the Navy for Acquisition Management, DASN (ACQ), successfully achieved certification and accreditation for the One Source website built by Automation Technologies Inc. (ATI). The site is deployed on the Pentagon's network infrastructure (called the Unclassified but Sensitive Internet Protocol Router Network (NIPRNet)) hosted by the United States Army Information Technology Agency (USAITA). The NIPRNet was formerly referred to as the "Non-secure Internet Protocol Router Network".
The DASN (ACQ) One Source web site is a system comprising open-source software that is based on eZ Systems' eZ publish (http://ez.no) software, which is internationally known as a robust, highly customizable content management framework.