DISA

The Defense Information Systems Agency (DISA) is the DoD agency responsible for providing and protecting the department's IT infrastructure. DISA manages the DoD's networks, develops security standards (including STIGs), provides cybersecurity tools (like ACAS), and operates critical enterprise services.

For defense contractors, DISA is the source of many security tools and standards you'll encounter. STIGs (Security Technical Implementation Guides) from DISA define how systems must be configured, and DISA's vulnerability scanning tools are the standard for DoD security assessments.

Why It Matters

DISA's standards and tools — particularly STIGs and ACAS — are the benchmarks against which DoD systems are secured and assessed. Familiarity with DISA resources is essential for anyone working on DoD information systems.

Related Resources

CMMC: CM.L2-3.4.7
CMMC: IA.L2-3.5.6
NIST 800-171: 3.4.7
NIST 800-171: 3.5.6
NIST 800-53: AC-2(3)
NIST 800-53: AC-2(13)
NIST 800-53: AC-4(10)
NIST 800-53: AC-17(8)