Engineering Information Assurance for Critical Infrastructures: The DITSCAP Automation Study

Recent advances in information technology have transformed the way in which mission-critical services get delivered and are evaluated today. These services are heavily and increasingly relying on an interdependent crossed network of critical information infrastructures, spanning from private to government sectors. In order to enable such infrastructures to efficiently mitigate risks, optimize their security posture and evaluate their information assurance (IA) practices, we identify the need for a structured and comprehensive methodology for IA-aware critical infrastructure protection. In this paper, we focus on the automation study of the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) that is a standard for certifying and accrediting the information networks that comprise of the Defense Information Infrastructure (DII). We attempt to generalize a course of actions in DITSCAP that motivate our design principles and modeling techniques, supported by their theoretical backgrounds and demonstrable prototype interfaces to establish their appropriateness.