Department of Defense Information Assurance Certification and Accreditation Process

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a deprecated United States Department of Defense (DoD) process meant to ensure companies and organizations applied risk management to information systems (IS).

DIACAP defined a DoD-wide formal and standard set of activities, general tasks, and a management structure process for the certification and accreditation (C&A) of a DoD IS that would maintain the information assurance (IA) posture throughout the system's life cycle.

As of May 2015, the DIACAP was replaced by the "Risk Management Framework (RMF) for DoD Information Technology (IT)".

Although re-accreditations via DIACAP continued through late 2016, systems that had not yet started accreditation by May 2015 were required to transition to the RMF processes.

Applicable IA Controls were assigned based on the system's mission assurance category (MAC) and confidentiality level (CL).