According to DODI 8500.2, the "DIACAP team members" are defined as:
E2.25. DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives.
The first DIACAP document that lists the team members will usually be a document called the System Identification Profile (SIP).
DIACAP Knowledge Service.
According to DODI 8500.2, the "DIACAP team members" are defined as: E2.25. DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives.
According to DoDI 8510.01, Enclosure 2: E2.25. DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the DoD IS IA manager (IAM), IA officer (IAO), and a user representative (UR) or their representatives.
DAA, CA, SIAO, PM, IAM, and IAO (or IASO)www.lunarline.com - best in the biz
DAA, CA, SIAO, PM, IAM, and IAO (or IASO)
This question is now outdated since the DoD has moved to RMF as their accreditation mechanism. Under RMF the team members should include the AO (authorizing official), CA (certification authority), system owner, and user representative.
While DKO (Defense Knowledge Service) elaborates on the roles and responsibilities of DIACAP team members, the authoritative original source is in the DIACAP document: DoDI 8510.01. Section 5.15 details the role of the DAA. Section 5.16 details the role of the Program or System Manager. Section 5.17 details the role of the User Representative. Section 5.18 details the role of the IAM.
The short answer is - YES. Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR. Note that BOTH the IAM and IAO are listed. The acronym IASO is synonymous with IAO.
The roles are listed in DoDI 8510. Usually the names of those filling the roles will also be listed in the Certification and Accreditation Plan (C&A Plan)
Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR. Note that BOTH the IAM and IAO are listed. The acronym IASO is synonymous with IAO. The IAM may delegate the actual work to the IAO/IASO but still has ultimate responsibility to see that the work gets done. They do not have sole responsibility however - the other listed team members also share the responsibility.
DIACAP replaced DITSCAP as the process for certification and accreditation of DoD information systems. DIACAP supersedes DITSCAP.