ASC's DIACAP to ICD 503 course is designed for Information System Security and Information Assurance Professionals responsible for implementing and assessing security policies, practices, procedures and technologies. The course will cover implementation and conduct of Intelligence Community (IC) information systems assessment, authorization, risk management and continuous monitoring in accordance with ICD 503. We will provide students with new methods and approaches to assessing and authorizing IT systems within the Intelligence Community. The course will deliver applicable national security level guidelines and methodologies with specific focus on IC Standards, plans, methods, processes, and templates. the student will become familiar with IC 503 templates and processes through case studies and exercises.

The following are used in the course:

  • ICD 503, Information Technology Systems Security Risk Management, Certification, and Accreditation
  • DIACAP
  • IT networks, systems, terminology and System Development Life Cycle (SDLC)
  • NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems; NIST Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View; NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations; and CNSS Instruction 1253, Security Categorization and Control Selection for National Security Systems.

Pre-requisites:

  • Experience and/or knowledge of DCID 6/3, JAFAN 6/3 and DIACAP