• STIG/SRG Updates for NIST SP 800-53 Rev 5 Set for July

    DISA will be updating numerous STIGS and SRGs to bring them into compliance with changes from the fifth revision of the NIST SP 800-53. The STIG team will complete this work for the July maintenance release. Therefore, any routine STIG/SRG maintenance will be held until the October release. All SRGs and 100 STIGs, listed below, will be included in the July updates.

    View Rev 5 Update List
  • DISA Will Publish April STIG Automation in July

    The automation portion of the April maintenance release will be held until the July maintenance release. This is due to recent changes in automation processes and procedures and upcoming changes to STIGs and SRGs from the fifth revision of the NIST SP 800-53.

  • The 2023-2027 DoD Cyber Workforce Strategy Implementation Plan is Published!

    This Implementation Plan is strategically designed to be agile, flexible, and responsive, empowering the Department to effectively adapt and fulfill mission requirements within an ever-changing cyber domain.

  • DoD Chief Information Officer Releases 2023-2027 Cyber Workforce Strategy

    This strategy takes a proactive approach in setting unifying direction and guidance for the Department to foster a cyber workforce capable of adapting to the evolving needs, threats, and challenges of the cyber domain. It identifies the need for a cultural shift to reform the management of the Department’s most valuable asset: its people.

    Learn More
  • DoD 8140 Manual "Cyberspace Workforce & Qualification Management Program"

    Publication of the long-awaited DoDM 8140.03 is here!
    The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework.

    View 8140 Manual


New ECA PKI CAs Released

The ECA PKI has recently deployed ECA Root CA 5 and WidePoint ECA 9. These new certificates are now available in the ECA…

Identity and Access Management (IdAM)

The IdAM Portfolio is a joint DISA, DMDC, and NSA organizational construct for managing an array of core material solutions to enable DoD enterprise-wide digital identity, authentication, and authorization capabilities. The IdAM Portfolio

DISA Approved Product List

The purpose of Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. Use of the DODIN

/by cyberx-dv

Get DoD Certs

These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats.

/by cyberx-dv

About the DoD Cyber Exchange

The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. These resources are provided to enable the user to comply with rules, regulations, best practices and federal laws. DISA is mandated to support and sustain the DoD Cyber Exchange (formerly the Information Assurance Support Environment (IASE)) as directed by DoDI 8500.01 and DODD 8140.01.


The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users.


The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent).


The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token.

Training Catalog

Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online.

U.S. Government Notice and Consent

You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.

By using this IS (which includes any device attached to this IS), you consent to the following conditions:

· The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.

· At any time, the USG may inspect and seize data stored on this IS.

· Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.

· This IS includes security measures (e.g., authentication and access controls) to protect USG interests – not for your personal benefit or privacy.

Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.