According to DODI 8510.01 (DIACAP), paragraph 4.9:
"All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing."
Note that in the case of a MAC I system, the reviews should occur semi-annually, i.e. every six months.
DIACAP requires that the system owner see that a review of the IA posture of their system be conducted at least annually.
DIACAP requires you to review your IA posture at least annually for as long as the system is in operation (or every 6 months if it is a MAC I system).
Yes - DIACAP requires you to review your IA posture. DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accreditation Authority (PAA) - which generally means the DAA - at least every 3 years.
According to DoD 8510.01 (DIACAP), paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall: "Ensure annual reviews of assigned ISs required by FISMA are conducted." So reviews must occur at least once a year.
A DIACAP review has to be executed for every new system, for every major change to an existing system, and at least every 3 years for any currently accredited system.
According to DoD 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." And according to paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall: "Ensure annual reviews of assigned ISs required by FISMA are conducted." So reviews must occur at least once a year.
DIACAP requires that the security posture of any DoD system be evaluated at least annually. A system must undergo the full DIACAP process prior to being placed into service, whenever a major change occurs, and prior to the expiration of the accreditation of the system if it already has an ATO. The DAA issues an ATO for a system for up to 3 years.
DIACAP (DoD 8510.01) requires organizations to abide by DoDI 8500.2. Paragraph 4.9 of 8500.2 states: "4.9. All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." Note that it is the IA posture of the SYSTEM that is reviewed rather than the organization and that the review is EVERY YEAR, not just every 2 years.
DoDI 8510.2 and DoDI 8500.2 require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accreditation Authority (PAA) - which generally means the DAA - at least every 3 years.
DIACAP sets a minimum on how frequently you MUST conduct reviews but does not limit you to doing it only that often. According to DoD 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." And according to paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall: "Ensure annual reviews of assigned ISs required by FISMA are conducted." So reviews must occur at least once a year. You are free to conduct reviews more frequently if you feel it is beneficial and justified. The IG can conduct reviews of your system as often as they wish, as can DISA.
The first DIACAP document that lists the team members will usually be a document called the System Identification Profile (SIP).