5.1. The Assistant Secretary of Defense for Command,
Control, Communications, and Intelligence shall:
5.1.1. Oversee and review implementation of this
5.1.2. Review, oversee, and formulate overall policies that
govern DoD security practices and programs to implement the DITSCAP as the
standard DoD process for conducting IT C&A.
5.1.3. Promulgate standards, establish support and training,
and manage the transition to the DITSCAP.
5.1.4. Conduct an annual assessment and/or review of the
DITSCAP and consider proposed changes.
5.1.5. Ensure that each designated approving authority (DAA)
implements and maintains the DITSCAP for security C&A of DoD Component
and DoD contractor IT and networks under their
5.2. The OSD Principal Staff Assistants and the
Chairman of the Joint Chiefs of Staff, in respective areas of
responsibility, shall ensure DoD Component compliance with the DITSCAP.
5.3. The Director, Defense Information Systems
5.3.1. Maintain DITSCAP procedural information in
support of security C&A of DoD Component and DoD contractor IT systems
5.3.2. In coordination with the National Security
Agency (NSA), implement, operate, and maintain an on-line information
assurance support environment (IASE).
5.3.3. In coordination with NSA, provide assistance
such as information system security engineering, security solutions, and
security guidance to the DoD Components in the use of DITSCAP.
5.3.4. Provide DITSCAP training for the DoD
5.3.5. Support the annual review of the
5.4. The Heads of the DoD Components shall:
5.4.1. Implement the DITSCAP
for security C&A of DoD Component and DoD contractor IT systems and
networks in accordance with DoD Directive 5200.28, Pub.L.100-235 (1987),
OMB Circular A-130, DCID 1/16, DoD Directive 5220.22, DoD 5220.22-M, DoD
5220.22-M-Sup. and Chairman of the Joint Chefs of Staff S3231.01
(references (a) through (h)) as
5.4.2. Provide assistance, and support to their
respective Service or Agency constituents, in the implementation of the
5.4.3. Assign responsibility to implement the
standard C&A process to DAA responsible for accrediting each IT and
network under their jurisdiction.
5.4.4. Support the annual review of the