• STIG/SRG Updates for NIST SP 800-53 Rev 5 Set for July

    DISA will be updating numerous STIGS and SRGs to bring them into compliance with changes from the fifth revision of the NIST SP 800-53. The STIG team will complete this work for the July maintenance release. Therefore, any routine STIG/SRG maintenance will be held until the October release. All SRGs and 100 STIGs, listed below, will be included in the July updates.

    View Rev 5 Update List
  • DISA Will Publish April STIG Automation in July

    The automation portion of the April maintenance release will be held until the July maintenance release. This is due to recent changes in automation processes and procedures and upcoming changes to STIGs and SRGs from the fifth revision of the NIST SP 800-53.

  • Cyber Awareness Challenge 2024 is Online!

    Are you the cybersecurity hero we need? In this NEW Cyber Awareness Challenge, you will complete a series of missions using knowledge of best practices to earn the tools needed to stop a cybersecurity attack. The Challenge also offers a “speed mission” that allows you to quickly gather tools using the Knowledge Check option.

    Challenge 2024 Available Here
  • The 2023-2027 DoD Cyber Workforce Strategy Implementation Plan is Published!

    This Implementation Plan is strategically designed to be agile, flexible, and responsive, empowering the Department to effectively adapt and fulfill mission requirements within an ever-changing cyber domain.

  • DoD Chief Information Officer Releases 2023-2027 Cyber Workforce Strategy

    This strategy takes a proactive approach in setting unifying direction and guidance for the Department to foster a cyber workforce capable of adapting to the evolving needs, threats, and challenges of the cyber domain. It identifies the need for a cultural shift to reform the management of the Department’s most valuable asset: its people.

    Learn More
  • DoD 8140 Manual "Cyberspace Workforce & Qualification Management Program"

    Publication of the long-awaited DoDM 8140.03 is here!
    The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework.

    View 8140 Manual


STIG Update

DISA recently released the following updated Security Guidance:  The automation portion of the April release will be…

GPO Update

Group Policy Objects (GPOs) have been updated for April 2024. Refer to the Change Log document included in the zip file for…

External Certification Authority Program (ECA)

The ECA program supports the issuance of DoD-approved certificates to industry partners and other external entities and organizations. The ECA program is designed to provide the mechanism for these entities to securely communicate with the

DISA Approved Product List

The purpose of Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. Use of the DODIN

/by cyberx-dv

Get DoD Certs

These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats.

/by cyberx-dv

About the DoD Cyber Exchange

The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. These resources are provided to enable the user to comply with rules, regulations, best practices and federal laws. DISA is mandated to support and sustain the DoD Cyber Exchange (formerly the Information Assurance Support Environment (IASE)) as directed by DoDI 8500.01 and DODD 8140.01.


The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users.


The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent).


The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token.

Training Catalog

Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online.

U.S. Government Notice and Consent

You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.

By using this IS (which includes any device attached to this IS), you consent to the following conditions:

· The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.

· At any time, the USG may inspect and seize data stored on this IS.

· Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.

· This IS includes security measures (e.g., authentication and access controls) to protect USG interests – not for your personal benefit or privacy.

Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.