The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the Department of Defense (DoD) process to ensure that risk management is applied to Information Systems (IS). DoDI lays down the foundation of definitions and controls for Information Assurance (IA) across DoD. DIACAP is the result of an NSA-directed shift in the underlying security paradigm and succeeds its predecessor, DITSCAP.

DIACAP embraces the idea of information assurance controls (defined in DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA Controls are determined based on the system’s mission assurance category (MAC) and confidentiality level (CL).

EventTracker believes that it is crucial to monitor for compliance in a manner as close to real-time as possible.

Using EventTracker to meet DoDI 8500.2 Requirements

EventTracker manages information system accounts, including: identifying authorized users of the information system and specifying access privileges; establishing, activating, modifying, disabling, and removing accounts; and notifying account managers when temporary accounts are no longer required and when information system users are terminated or transferred, or when information system usage or need-to-know/need-to-share changes.

EventTracker manages access control policies and access enforcement mechanisms to control access between users and objects in the information system.

Consideration is given to the implementation of an audited, explicit override of automated mechanisms in the event of emergencies or other serious events. If encryption of stored information is employed as an access enforcement mechanism, the cryptography used is FIPS 140-2 (as amended) compliant.

EventTracker monitors unauthorized use of the information system. It monitors the information system both externally and internally. External monitoring includes the observation of events occurring at the system boundary (i.e., part of perimeter defense and boundary protection). Internal monitoring includes the observation of events occurring within the system (e.g., within internal organizational networks and system components). Information system monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, audit record monitoring software, network monitoring).

EventTracker monitors audit processing failures such as software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded.

EventTracker monitors unauthorized remote access to the information system. It authorizes remote access to the information system prior to connection and enforces requirements for remote connections to the information system.

EventTracker successfully monitors the complete audit information, which comprises information about audit records, audit settings and audit reports.

EventTracker monitors any changes to the hardware, software, and/or firmware components of the information system that can potentially have significant effects on the overall security of the system.

EventTracker provides the essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or services: (Assignment: organization-defined list of prohibited or restricted functions, ports, protocols, and/or services).

It also monitors unauthorized changes to software and information.

EventTracker Vulnerability Assessment Service scans for vulnerabilities in the information system and hosted applications, and also scans when new vulnerabilities potentially affecting the system/applications are identified and reported.