US Department of Defense Information Assurance: Achieving Successful DITSCAP with eZ publish as a Platform
Sunday 19 November 2006 8:23:00 am
The following information is a summary of activities that ATI conducted that enabled DASN (ACQ) One Source to achieve certification and accreditation.
System certification level
One of the first steps to beginning the DITSCAP process was for ATI to define the system's security certification level. This determines the type of activities and tasks that must be completed during the DITSCAP. If the system is rated as Certification Level 2, 3, or 4, the analysis and tasks required for compliance will be much more robust than a Level 1 system.
The DASN (ACQ) One Source is designated as "Unclassified (Public)" and does not include any sensitive business data or classified information. All information and content residing on DASN (ACQ) One Source is publicly available. The DASN (ACQ) One Source Security Certification is a Level 1 system and requires that the Minimum Security Checklists be completed to fulfill DITSCAP requirements.
DOD Information Assurance guidance, regulations and policies
The ATI consultants needed to conduct research and become knowledgeable about all the DOD and Navy information assurance guidance, policy and regulation documentation. It was important to understand which regulations and policies specifically pertained to the One Source system. After making a thorough review of the documentation, ATI gained an understanding of what activities needed to be completed to ensure that the system was in compliance.
Plan for information assurance initiatives early
Early planning is best when trying to achieve successful certification and accreditation. As soon as an information system project is kicked off, it is wise to consider most of your decisions with information assurance in mind. It is also recommended that you have a program strategy to design, develop and deploy your system, and that you plan for information assurance activities and certification and accreditation tasks throughout the project life cycle.