DoD Information Assurance Certification and Accreditation Process

icon_10The US Department of Defense process to ensure the management of risks on Information Systems (IS) is the DoD Information Assurance Certification and Accreditation Process (DIACAP). This policy is applied to information systems of DoD­ contractors and related units / departments.

The Department of Defense (DoD) defines personal information as "information about an individual that identifies, links relates or is unique to, or describes him or her, e.g., social security number (SSN); age; military rank; civilian grade; marital status; race; salary' home/office phone numbers; other demographic, biometric, personnel, medical, and financial information, etc.  Such information is also known as personally identifiable information (PII) (i.e., information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date of birth, place of birth, mother's maiden name, or biometric records, including any other PII which is linked or link able to a specified individual").

GTB Data Protection solutions provide the capability to protect all sensitive PII from being sent to unauthorized persons or locations, either intentionally or by accident while supporting and reinforcing a user culture which emphasizes the protection of privacy act information.

GTB DLP has built in policies which apply to Personally Identifiable Information (PII information such as social security numbers or credit card numbers (PCI)) with sensitive private information, such as health conditions, names of crimes, and ethnicities.  These aid in compliance with DoD Privacy Program (DoD 5400.11-R) and Privacy of Health Information in DoD Health Care (DoD 6025.18).

Other built in policies for compliance with DoD 8520.1 - Protection of Sensitive Compartmented Information (SCI), which detect confidential information about a departments network, and confidential documents.

GTB's solutions also provide an organization with PII situational awareness such as hotspots across the organization and are easily integrated with existing applications, resources and management systems.

Sources: DoD 5400.11, DOD Privacy Program, 8 May 2007, paragraph E2.2 and DoD 5400.11-R, Department of Defense Privacy Program, 14 May 2007, paragraph DL1.14