|DISN Connection Process Overview||Customer Connection Requirements||Service Appendices|
DISN Connection Process Overview
The Defense Information Systems Network (DISN) Connection Process Guide (CPG) is a step-by-step guide that outlines procedures DISN customers (DOD components and mission partners) must follow to obtain and retain enclave connections to the DISN. The guide consolidates the connection processes for DISN networks and services into one document, helps customers understand connection requirements and timelines, and provides contacts for assistance throughout the process. The Risk Adjudication and Connection Division is not the process owner for all the elements that comprise DOD’s and DISA’s requirements for establishing a DISN connection. Functions such as request fulfillment, acquisition, provisioning, design and testing, and Assessment and Authorization (A&A) under the new Risk Management Framework (RMF) or Certification and Accreditation (C&A)1 under the DOD Information Assurance Certification and Accreditation Process (DIACAP) are performed by other offices. The DISN CPG focus is on the DISN Connection Approval Process (CAP) and, where appropriate, points customers to appropriate information services, websites, or offices wherever possible to help guide customers through other related processes. For example, request fulfillment (see paragraph 2.1.3) is provided by DISA Global Operations Command; A&A of enclaves (2.2.3) is accomplished by the customer; DISA Infrastructure Engineering (IE) in collaboration with the customer determines the appropriate DISN service (3.1); DOD Chief Information Officer (CIO) validates the mission requirement for mission partner connections to DISN (3.5.2-3.5.4), and the customer accomplishes the A&A for the customer network enclave being connected to DISN (2.1.4).
2-1 Key Process Areas and Terms
There are two general types of customers/partners that connect to the DISN to utilize its networks/services: DOD and non-DOD. DOD customers are DOD combatant commands, military services and organizations, and agencies (DOD CC/S/A/), collectively referred to as “DOD Components.” DOD customer enclaves include information systems or Platform Information Technology (PIT) systems that are developed jointly by DOD components and mission partners, comprise DOD and non-DOD information systems, or contain a mix of DOD and non-DOD information consumers and producers (e.g., jointly developed systems, multi-national or coalition environments, or first responder environments) in accordance with DODI 8500.01 (ref a). Non-DOD customers include: contractors and federally funded research and development centers, other U.S. government federal departments and agencies, state, local, and tribal governments, foreign government organizations/entities (e.g., allies or coalition partners), non-government organizations, commercial companies and industry, academia (e.g., universities, colleges, or research and development centers) and are collectively referred to as “mission partners.” In order to connect to the DISN, mission partners must have a validated requirement approved by a sponsoring CC/S/A or field activity headquarters and validation of the mission requirement from the DOD CIO in accordance with CJCIS 6211.02D (ref b). In addition, all DISN customer information systems will be aligned to DOD network operations and security centers (NOSCs). The NOSC and supporting cybersecurity service provider(s) will provide any required cybersecurity services to aligned systems in accordance with CJCSI 6211.02D,(ref b), DODI 8530.01 (ref k), DODI O-8530.01M ( ref l), and the DOD CIO Memo on DOD Sponsor Responsibilities (ref m)2. Applicable issuances, Defense Finance and Accounting Regulations (DFAR), and requirements must be codified in an appropriate agreement (e.g., memorandum of agreement [MOA] or contract). Responsibilities of DOD sponsors are defined in several OSD and Joint Staff issuances.
DISN Network/Services and Connections
The DISN offers classified and unclassified voice, video, and data services to its customers. A detailed description of each of the services is available at https://www.disa.mil/Network-Services.
Customers requiring a new connection to the DISN and its services must use the DISA Storefront request fulfillment process to initiate the provisioning requirement and circuit activation (go to: Click here) for further information and guidance). The Telecommunications Service Request (TSR) and In-Effect Report (IER) processes involve the ordering, engineering, acquisition, and installation of the circuit and equipment necessary to connect to the DISN. Request fulfillment may only be initiated by a DOD entity. A DOD CC/S/A entity may elect to sponsor a mission partner, but the DOD sponsor remains responsible for all request fulfillment actions to include, but not limited to, completing and/or assisting the mission partner with A&A requirements. See the DOD CIO Sponsor Memorandum (ref m).
Assessment and Authorization
All enclaves connecting to the DISN require A&A in accordance with an appropriate and acceptable process. For new and additional connections, the A&A process should be initiated in parallel to or soon after beginning the request fulfillment process. For reauthorizations, the customer should initiate enclave reauthorization actions with sufficient time prior to expiration of the current authorization and connection approval to prevent a potential circuit disconnect. Expiration notices are sent to the POCs for the subject enclave every 30 days starting 90 days prior to the expiration. For out-of-band (OOB) point-to-point connections, the Command Communications Service Designator (CCSD) and IER information will be uploaded in the System Network Approval Process (SNAP) and SIPRNet Global Information Grid (GIG) Interconnection Approval Process (GIAP) System (SGS) as applicable.
Additionally, the OOB connection will not have an expiration date. DOD components and mission partners must ensure that all SNAP and SGS POC fields are maintained in an up-to-date and accurate status of the enclave at all times.
DOD Combatant Commands/Service/Agency/Field Activities (CC/S/A/FAs) must execute the RMF or DIACAP process in accordance with DODI 8510.01 (ref d). For mission partners and defense contractors, the appropriate A&A process (i.e., RMF, DIACAP, National Industrial Security Program [NISP] Operating Manual [NISPOM], National Institute of Standards and Technology [NIST], Director of Central Intelligence Directives [DCID], etc.) depends on the type of customers and the network/service to be accessed. At the completion of the A&A process, the authorizing official (AO) or Chief Information Officer (CIO) issues an authorization decision in the form of an Authorization to Operate (ATO), ATO with conditions, or Interim Authorization to Test (IATT). Please note that under the RMF process there are no Interim Authorizations to Operate (IATOs). Before a DISA DISN Approval to Connect (ATC) or Interim ATC (IATC) can be issued, a number of documents are required depending on whether a connection request is a DOD RMF or DIACAP package3. For an RMF package, these documents include the RMF Security Assessment Report (SAR), the System Security Plan (SP), Systems Enterprise and Information Security Architecture (system security design document or topology), plus the Consent to Monitor (CTM) and Plan of Actions and Milestone (POA&M). For a DIACAP package these documents include the signed DIACAP Scorecard, System Identification Profile (SIP), CTM, detailed topology, and POA&M. Mission partners require additional documentation addressed later in the CPG.
Connection Approval Process Package
Connection requests are sent to the Chief Administrative Officer (CAO) in the form of a Connection Approval Process (CAP) package. These packages provide the CAO the information necessary to make the connection approval decision. The baseline requirements for what must be included in the CAP package depend on whether the customer is DOD or non-DOD and whether the connection is new or due for reauthorization. There may also be additional requirements, depending on the specific DISN network/service the customer needs to access. The DISA CAO will follow DOD CIO-provided guidance regarding the DIACAP to RMF transition timeline and instructions for all DISN CAP packages.
As an integral part of the connection approval process, the CAO conducts an initial compliance assessment of a new or reauthorization connection to the DISN. Compliance assessments are based on the level of customer adherence with DOD CIO governance (e.g., DODI 8510.01 (ref d)), DISA Security Technical Information Guides (STIGs), Security Requirements Guides (SRGs) and on-site and remote compliance monitoring and vulnerability assessment scans, the Defense Security/Cybersecurity Authorization Working Group (DSAWG)/DOD Information Security Risk Management Committee (ISRMC) decisions, etc.
When non-compliance issues are identified and confirmed, the CAO works with the customer and others to validate and correct the weaknesses that generated the non-compliance issue. Non-compliance can include, among other elements, incomplete and/or incorrect information submitted as part of the CAP package documentation and artifacts.
After the CAP package is reviewed and a compliance assessment conducted, the CAO makes a connection decision and notifies the DOD component or mission partner. DOD components or mission partners approved for connection to the DISN are granted either an ATC or an IATC, which are normally assigned an expiration date to coincide with the Authorization Termination Date (ATD) of the ATO. In the event of a non-compliant assessment for a new connection, the CAO will work with customers to address the matter until the concern is downgraded or mitigated allowing the issuance of an ATC or IATC.
2-2 Initiating the DISN Connection Approval Process
The process for network/service request fulfillment and approval of a connection to the DISN or service varies depending on:
- Whether the customer is a DOD component or a mission partner
- Whether the request is for a new connection or a reauthorization
- What network/service is being accessed. When requesting network/service the request fulfillment and approval of a connection to the DISN or service, the process varies depending on customer type and customer requirements
Based on these determinations, the customer initiates the connection request using the appropriate process as described in section 3 and the appendices of this guide. The appendices also include the DOD CIO temporary exception to policy process, templates, POC tables, references, and glossary.
3-1 Identify the Type of DISN Network or Service Required
Once the customer determines whether this is a new connection requirement or reauthorization of an existing connection, the next step is to identify the DISN network/service that is required. This involves matching customer needs to the most appropriate DISN network/service. All customers desiring connections to the DISN must first confirm with the DISN Validation Official that the desired network/service is appropriate for the mission. Customers who are not sure which network/service best meets their needs should review the description of DISN voice, video, and data services available at https://www.disa.mil/Network-Services and/or contact the DISN Customer Contact Center (DCCC). The DCCC will facilitate contact with the appropriate DISN Validation Official.
|DISN Customer Contact Center (DCC)|
|Phone (Commercial)||844-347-2457, Option 2 or 614-692-0032, Option 2|
|Phone (DSN)||312-850-0032, Option 2|
Customers who know which DISN service they require will find POCs for each of the DISN networks/services in this guide’s individual appendices.
Customer Connection Requirements
CUSTOMER CONNECTION PROCESS