C&A primer


Matt Micene

Mar 17, 2011, 3:01:23 PM
to mil...@googlegroups.com

Can anyone point me to a primer on DoD C&A processes?  I’m trying to wrap my head around DIACAP, DISA ATOs, and branch-specific C&A processes in light of DoD processes.  Is there a hierarchy here at all?  How does the DISA Approved Products List affect the branches' need to do C&A on products?

 

Public info would be preferable since I don’t have a CAC or a personal cert for anything that requires authentication.

 

Matt Micene
Solutions Architect, RHCE
DLT Solutions
Direct 703-773-1195



Matthew Bouillon

Mar 17, 2011, 6:54:46 PM
to mil...@googlegroups.com, Matt Micene
Matt,

Some information that is publicly accessible on DIACAP can be found at http://iase.disa.mil/diacap/ and some other information can be found on the parent site: http://iase.disa.mil

DISA uses the Common Criteria as a baseline:  http://iase.disa.mil/common/index.html.  I know the Army has a separate approval process for IA and Network equipment that is not publicly accessible that I know about.  Not sure what the case is with the other services.

The Army has a separate process for doing a "Certificate of Networthiness (CON)" which requires another layer of approval for software and systems beyond the Common Criteria.  Again, I don't know what if anything the other services require.

Matthew Bouillon
US Army, ATC


--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org

Kane McLean

Mar 17, 2011, 7:55:26 PM
to mil...@googlegroups.com
The CoN process is unique to the Army. I learned last week that none of the other services have an equivalent to it.

Kane

Matthew Bouillon

Mar 17, 2011, 8:06:46 PM
to mil...@googlegroups.com, Kane McLean
That's the impression I had, but I have a limited background of other services.

Matthew Bouillon

Scott Winn

Mar 18, 2011, 12:46:44 PM
to mil...@googlegroups.com

I have heard that the Army CoN system is going away (as are the other service-level programs of a similar nature) and there will be a consolidation of the approval process at the DoD level for commercial products that are to be connected to DoD networks.  Working to confirm who is in charge and what the plan/timeline is, and will mention it if I find out more.

 

 

Scott Winn

Tresys Technology

Phone: +1 410 290-1411 x174

FAX: +1 410 953-0494

sw...@tresys.com | www.tresys.com

Kane McLean

Mar 18, 2011, 12:55:51 PM
to mil...@googlegroups.com, Scott Winn
That would be great

Kane McLean


Guy Martin

Mar 18, 2011, 1:16:40 PM
to mil...@googlegroups.com
And there was much rejoicing!

Frankly, it's about freaking time!  When I started working on DoD things, I was appalled (as a technologist, former sysad, and most importantly, as a taxpayer) at the state of affairs within the various fiefdoms in this regard.

While this might seem a small step to some outside of DoD, I think most of us would agree that this would pave the way for actual constructive change in the way technology is acquired and developed for the department.

This can't come soon enough - and I'm sure those of us on this list would be willing to jump in to help as needed.

Thanks.

    -Guy

Matt Micene

Mar 18, 2011, 2:25:25 PM
to mil...@googlegroups.com

Are Navy’s DADMS and AF’s iTRM not similar processes to Army’s CoN?

 

I think that the C&A consolidation under DoD that Scott mentioned would go a long way in getting a significant shift in IT software acquisition for the DoD.  Software vendors needing to track and maintain C&S across 4 or more potential processes is crazy.

 

Thanks for all the responses.

 

-Matt

 

From: mil...@googlegroups.com [mailto:mil...@googlegroups.com] On Behalf Of Kane McLean
Sent: Thursday, March 17, 2011 7:55 PM
To: mil...@googlegroups.com
Subject: Re: [mil-oss] C&A primer

 

The CoN process is unique to the Army. I learned last week that none of the other services have an equivalent to it.

Kane

Matthew Bouillon

Mar 18, 2011, 2:38:31 PM
to mil...@googlegroups.com, Guy Martin
This CoN process is driving me insane.  I can't wait.  Supposedly CNSS.gov is the place to go for the future of everything.  C&A is supposed to become part of a Risk Management Framework.  NIST is doing much of the implementation guidance, though I think I saw this latest continuing resolution put a big axe through their budget.  I hope it doesn't slow or stall their efforts.