DCAR-1

DCAR-1 Procedural Review

Overview

An annual IA review is conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted operations.

MAC / CONF	Impact	Subject Area
MACI MACII MACIII	Medium	Security Design and Configuration

Details

Threat
Complacency in regards to the periodic review of existing policies and processes opens the door to emerging security threats that can negatively impact mission success. The dynamic nature of information technology warrants at least an annual review of existing policies and processes to help achieve uninterrupted operations.

Guidance
1. The DIACAP Team shall be an active participant in annual review process. 2. An annual IA review shall be conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted operations. 3. The annual review process should account for the analysis of projected policy needs, and produce a plan for development or implementation of new policies or processes.

Guidance

1. The DIACAP Team shall be an active participant in annual review process.
2. An annual IA review shall be conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted operations.
3. The annual review process should account for the analysis of projected policy needs, and produce a plan for development or implementation of new policies or processes.

References

DoDI 8500.2, Information Assurance (IA) Implementation, para E3.3.10, 06 February 2003
Section 2224 of title 10, United States Code,"Defense Information Assurance Program”, 05 October 1999