National Information Assurance Certification and Accreditation Process

The National Information Assurance Certification and Accreditation Process (NIACAP) formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership.

The Committee on National Security Systems (CNSS) Policy (CNSSP) No. 22 dated January 2012 cancelled CNSS Policy No. 6, “National Policy on Certification and Accreditation of National Security Systems,” dated October 2005, and National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 1000, “National Information Assurance Certification and Accreditation Process (NIACAP),” dated April 2000. CNSSP No. 22 also states that "The CNSS intends to adopt National Institute of Standards and Technology (NIST) issuances where applicable. Additional CNSS issuances will occur only when the needs of NSS are not sufficiently addressed in a NIST document. Annex B identifies the guidance documents, which includes NIST Special Publications (SP), for establishing an organization-wide risk management program." It directs the organization to make use of NIST Special Publication 800-37, which implies that the Risk management framework (RMF) STEP 6 – AUTHORIZE INFORMATION SYSTEM replaces the Certification and Accreditation process for National Security Systems, just as it did for all other areas of the Federal government who fall under SP 800-37 Rev. 1.