DOD Makes Life Easier for All by Going to Common Security Standards
March 31, 2014
In early March DOD CIO Teri Takai announced a DOD Instruction Memo stating that DIACAP would be replaced with the NIST Risk Management Framework (RMF) standards – now, instead of three standards, there is one security standard across the whole federal government. This has been in the pipeline for quite a while, but is only now becoming a reality. More vendors can now offer solutions, because the costs associated with complying with the additional security framework are eliminated. Systems integrators will also benefit, as they will have more options when providing solutions to the government.
The DOD has decided to adopt the NIST security standards as part of an effort to cut costs. Part of NIST’s philosophy is that security should be designed into the product, not added on top. This philosophy will ensure that new DOD systems are designed with security in mind from the start, rather than security being an afterthought in order to pass accreditation.
To provide some background, DIACAP was the DOD’s certification process for ensuring that DOD information systems would maintain information assurance (IA) throughout the lifecycle of the system. It required a recertification every three years and was separate from the NIST standards that the rest of the government used for IA certification of information systems.
The upshot of all this is that some relief in the form of a common set of standards is headed our way. Approach the DOD with language around solutions that have had security as a priority throughout development. This will resonate with DOD personnel who may be nervous about the end of DIACAP and the adoption of common standards.