CAST requirements include the ability to collect metrics onall aspects <strong>of</strong> processing and management <strong>of</strong> C&A informationso that a continuous process improvement program can be supportedas the nature and requirements associated with C&Acontinue to evolve.With CAST, automating major DIACAP requirements will bemet for all information systems, including information technologysystems; networks; circuits; sites; infrastructures; enclaves;and environments and assets that require security certificationand accreditation within the DON, regardless <strong>of</strong> current accreditationstatus.Specific goals for CAST include:Ensuring IA is built in from the concept stage through the lifecycle;Accounting for inheritance <strong>of</strong> information assurance controls;Enforcing annual reviews for all systems and sites; andProviding enterprise-wide visibility into security posture andrisk.By facilitating standardization and quality improvement forC&A packages from the initiation <strong>of</strong> the process, significantreductions in review times, rework and learning curves are expectedimmediately.In addition, early collaboration by stakeholders will ensureadequate identification and resolution <strong>of</strong> security risk issuesearly in the process and not later during formal C&A reviews.Once the CAST procurement award is made, the tool will beinitially implemented during a pilot phase with the objective<strong>of</strong> testing processes, procedures and templates. The pilot willbuild the necessary databases, verify process steps and propertool configuration, conduct test and evaluation, and processselected DIACAP C&A packages to verify tool effectiveness in acontrolled environment.TrainingAt the same time, training will be provided to the C&A communityon the tool and detailed DON processes and policies. It isexpected that training will be an ongoing requirement throughoutthe life <strong>of</strong> CAST. Once CAST is fully implemented, DIACAPtraining will target personnel performing activities in the threemain tiers <strong>of</strong> the C&A process: package creation, review andapproval.Training will focus on required tasks and how to performthese using the tool. Each tier <strong>of</strong> training will contain an overview<strong>of</strong> the DON process flow and build upon the activities accomplishedby all members <strong>of</strong> the C&A team.Since transition from DITSCAP to DIACAP will be gradual overthe next three years, there is a phasing out <strong>of</strong> systems’ C&Adocumentation from DITSCAP to DIACAP. The DIACAP transitionteam will provide subject matter experts to support programand system managers, as well as IA managers, in planning eachsystem transition to DIACAP. This will include assistance in developingtransition plans and answering any related questions.Finally, because systems will begin transitioning to DIACAPprior to full implementation <strong>of</strong> the DON automated tool, allsubmissions <strong>of</strong> C&A packages will continue using existing C&Apackage systems in the near term.The transition to DIACAP is great news for DoD and DON systemdevelopers, program managers and security managers!Additional <strong>Information</strong>The C&A process has undergone major changes over the last severalyears. These were driven by increased awareness <strong>of</strong> security vulnerabilities,shrinking resources and the pressing operational need t<strong>of</strong>ield new and improved capabilities to support the warfighter.The movement from DITSCAP to DIACAP has provided an opportunetime to both automate and standardize the entire end-to-end C&Aprocess to conserve resources and ensure security risk is managed atacceptable levels.To stay abreast <strong>of</strong> the information being developedduring this transition time, readers are encouraged to periodically accessthe DON CIO Web site at www.doncio.navy.mil.For now, programs desiring to make use <strong>of</strong> DIACAP templates canaccess them from the Fleet Forces Web site under the View All SiteContents/Documents tab on the left side <strong>of</strong> the page at https://www.fleetforces.navy.mil/netwarcom/navycanda/default.aspx.For the Marine Corps, users can access the Marine Corps Xacta<strong>Information</strong> Assurance Manager tool available at https://hqtelosweb.hqmc.usmc.mil/.The primary contact for DITSCAP to DIACAP transition technicalsupport can be reached by e-mail at SPSC-DON-DIACAP@navy.mil.Secondary contacts for transition technical support are:<strong>Navy</strong> - Operational Designated Approving Authority (ODAA) - e-mail: <strong>Navy</strong>_ODAA@navy.mil or (757) 417-6719 x0.Marine Corps - Programs <strong>of</strong> record (not yet fielded), contact the MarineCorps Systems Command (Systems Engineering, Interoperability,Architectures & Technology (SIAT)) at (703) 437-3824.All other systems (including fielded programs <strong>of</strong> record), contactthe Marine Corps Enterprise Network Designated Approving Authority(MCEN DAA) by e-mail: M_MCEN_DAA@usmc.mil or (703) 693-3490.Resources• DON DITSCAP to DIACAP Transition Guide, version 1.1, June 9,2008 - under the <strong>Information</strong> Assurance topic area at www.doncio.navy.mil.• DON DIACAP Handbook, version 1.0, July 21, 2008 - under the <strong>Information</strong>Assurance topic area at www.doncio.navy.mil.•DoD Instruction 8510.01, DoD <strong>Information</strong> Assurance Certificationand Accreditation Process (DIACAP), Nov. 28, 2007 - www.dtic.mil/whs/directives/corres/pdf/851001p.pdf.• Secretary <strong>of</strong> the <strong>Navy</strong> Manual, SECNAV M-5239.1, <strong>Information</strong> AssuranceManual, November 2005 - http://doni.daps.dla.mil/SECNAV%20Manuals1/5239.1.pdf.• DoD Directive 8500.01E, <strong>Information</strong> Assurance (IA), Oct. 24, 2002 -www.dtic.mil/whs/directives/. Certified as current April 23, 2007.• DoD Instruction 8500.2, <strong>Information</strong> Assurance (IA) Implementation,Feb. 6, 2003 - www.dtic.mil/whs/directives/corres/pdf/850002p.pdf.Ms. Yuh-Ling Su is the DON DIACAP transition assistant program managerunder PMW 160.40 CHIPS www.chips.navy.mil Dedicated to Sharing <strong>Information</strong> - Technology - Experience
Evolution and revolution arevery different processes …Adm. Vern Clark wrote about"revolution" while serving as<strong>Chief</strong> <strong>of</strong> Naval Operations.Today, the retired CNO still refers to revolutionwhen publicly speaking about hisefforts to change and improve businessprocesses within the <strong>Navy</strong>. He confessedthat, even as the second longest servingCNO, he didn’t have time for “evolution,”which is why he unapologetically choserevolution.Evolution and revolution are very differentprocesses. While evolution is aprocess <strong>of</strong> gradual and relatively peacefulsocial, political or economic advance,revolution is a sudden, radical and absolutechange.Evolution in business processes providestime for people to accept slow methodicalchanges. On the other hand, revolutionis generally difficult for people toaccept due to rapid change and is <strong>of</strong>tenviewed negatively.Revolution is used to describe changein many business processes. In fact, moderncomputers and s<strong>of</strong>tware are results <strong>of</strong>a revolution that led to the Silicon Valleyhigh-tech empires in Northern California.The convergence <strong>of</strong> cellular technology,the Global Positioning System (GPS)and a long list <strong>of</strong> services, technologiesand devices are setting the stage for awireless revolution that will influence ourpersonal lives, business processes and thecapabilities <strong>of</strong> the Marine Corps and <strong>Navy</strong>,in such a way not seen since the introduction<strong>of</strong> modern warfare.The Marine Corps and <strong>Navy</strong> have globalresponsibilities, and they require a significantnumber <strong>of</strong> radio frequencies toconduct their worldwide operations. Allradio frequencies are recognized by internationallaw as belonging to each andevery nation.U.S. forces face access issues in eachcountry in which they operate due tocompeting civilian or government users<strong>of</strong> national spectrum allocations. For example,when the Marine Corps and <strong>Navy</strong>are operating in Japan, the Japanese governmentregulates the radio frequenciesU.S. naval forces can use. The same is truefor Australia, Republic <strong>of</strong> Korea and allsovereign nations.But even though radio frequencies areallocated, a large portion <strong>of</strong> the assignedspectrum is used sporadically, and thereare wide variations in the use <strong>of</strong> assignedspectrum. The limited available spectrumand the inefficiency <strong>of</strong> its usage demandsa new methodology to exploit existingwireless spectrum "opportunistically."The wireless revolution is just beginning.A number <strong>of</strong> radical changes in theuse <strong>of</strong> the electromagnetic spectrum, orradio frequencies, will soon have “dynamic”effects on naval capabilities. DynamicSpectrum Access (DSA) refers to radiosand other wireless capabilities that dynamicallyadjust to the spectrum environmentand access radio frequencies thatare unused or underused.Access to spectrum, along with the correspondingcapabilities and bandwidthmay, by today’s standards, be almost limitless.The Defense Advanced ResearchProjects Agency (DARPA) has developedDSA capability known as "Next Generation"or "XG," which promises significantbenefits to forward deployed Marinesand Sailors. Commercial companies arealso developing DSA capabilities.The goals <strong>of</strong> the XG program are todevelop both the enabling technologiesand system concepts, along with newwaveforms to provide dramatic improvementsfor assured military communicationsin support <strong>of</strong> worldwide operations,according to DARPA.The XG program approach plans to investigatemethods to leverage the technologybase in microelectronics, withnew waveforms and medium access andcontrol protocol technologies, to constructan integrated system.The proposed program goals are to develop,integrate and evaluate the technologyto enable equipment to automaticallyselect spectrum and operating modes tominimize disruption to existing users andto ensure that U.S. forces can fully exploittheir superiority and investment in informationtechnology.DSA will revolutionize naval wirelesscapabilities by providing greater access tolimited spectrum resources. Today, thereare considerable obstacles to employingDSA. International and national spectrumgoverning bodies control spectrum usethrough rigid radio frequency allocationsthat <strong>of</strong>ten result in one frequency perwireless use.The benefits <strong>of</strong> DSA to the MarineCorps and the <strong>Navy</strong> will be impressive,but changes to national and especiallyinternational spectrum governance areinexplicably slow.The DON Spectrum Team is "plottinga spectrum revolution," and we are notalone. We are part <strong>of</strong> a global spectrumrevolutionary movement <strong>of</strong> industry, privateconsortia and other progressive nationson the leading edge <strong>of</strong> technology.A revolution is seldom accomplishedalone.For more information, please go to the DON CIOWeb site at www.doncio.navy.mil, or contact theteam at DONSpectrumTeam@navy.mil.CHIPS October – December 2008 41