There is NO DoD instruction that states that IA posture gets reviewed every two years; the relevant DoD Instruction is DoDI 8500.2, but it states that the IA posture must be reviewed at least once a year, not just every two years.
DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed at least once a year.
Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
The relevant DoD Instruction is DoDI 8500.2, but it should be noted that the IA posture must be reviewed at least once a year, not just every two years.
DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed at least once a year.
Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
False
Re-accreditation (every 3 years)
Actually the requirement is for the posture to be reviewed by the system owner at least annually if it is MAC II or III and every 6 months if it is MAC I.
The relevant DoD Instruction is DoDI 8500.2, which states that the IA posture must be reviewed at least once a year.
No - DIACAP required that the posture be at least partially reviewed every year (for the Annual Security Review - aka ASR) except for very sensitive systems that must be reviewed more often - usually every six months. A comprehensive review is required every 3 years under DIACAP.
FalseThe relevant DoD Instruction is DoDI 8500.2, but it should be noted that the IA posture must be reviewed at least once a year, not just every two years.DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed at least once a year.Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
DIACAP (DoD 8510.01) requires organizations to abide by DoDI 8500.2. Paragraph 4.9 of 8500.2 states:4.9. All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing.Note that it is the IA posture of the SYSTEM that is reviewed rather than the organization and that the review is EVERY YEAR, not just every 2 years.
DIACAP is established by DoD Instruction 8510.01.
what covers prp
36-2909
Af 36- 2909
36-2909
Afi 36-2909
What AFI covers deriliction of duty
Afi 32-7086