Sign up to receive ACAS email updates (restricted to .mil email addresses)


The Assured Compliance Assessment Solution (ACAS) is an integrated software solution that is scalable to an unlimited number of locations. The solution’s tiering ability will give Department of Defense (DoD) enhanced enterprise security while being easy to install and manage. It can be easily deployed via download to all DoD agencies – without the need to procure and install appliance devices. DoD will discover that the ACAS product suite easily provides the required automated network vulnerability scanning, configuration assessment, application vulnerability scanning, device configuration assessment, and network discovery it needs. Further, the product suite generates the required reports and data, with a centralized console, and is SCAP compliant. There is much more to the capabilities of the ACAS and you can find out more information by reading the material referenced below. DISA's Mission Assurance Directorate (MA) is providing program management and supporting the deployment of this solution.

The scope of the ACAS deployment is worldwide. This vast effort requires a support infrastructure to be in place. DISA MA has instituted support services to enable the comprehensive implementation of ACAS to all the combatant commands, Services, agencies and field activities.


In accordance with Commander, United States Strategic Command (USSTRATCOM) Communications Tasking Order (CTO) 05-19, all DoD Components shall immediately initiate automated enterprise-wide vulnerability scanning on all DoD networks. The Information Assurance (IA)/Computer Network Defense (CND) Enterprise Solutions Steering Group (ESSG) is pursuing the replacement for the Secure Configuration Compliance Validation Initiative (SCCVI) capability for unlimited use across the Department of Defense (DoD) in order to continue to address the need for a vulnerability scanning capability. The Defense Information Systems Agency (DISA), at the request of the United States Strategic Command (USSTRATCOM) and in support of National Security goals established by the President; has purchased from industry, a solution to accurately assess the configuration compliance of DoD enterprise networks and connected systems against DoD standards (e.g. Federal Desktop Core Configuration (FDCC), Security Technical Implementation Guides (STIG), and all known vulnerabilities.


Sec Center As the central console for ACAS, Security Center offers the ability to automate and quickly scale an organization’s vulnerability and compliance scanning infrastructure, as well as provide capabilities to allow for management, alerting, and reporting against vulnerability and compliance requirements.
Nessus A fully capable scanner covers a breadth of checks, including unique Common Vulnerabilities and Exposures (CVEs), and successfully operates across different environments.


The X-Tool converts distributed eXtensible Checklist Configurations Description Format (XCCDF) files into Extensible Markup Language (XML) schema, which allows the files to be imported into SecurityCenter and easily customized, if necessary.

3D Tool

The Topology Viewer imports asset data from the Nessus scanner or SecurityCenter and provides graphical analysis information such as network and protocol maps, communication paths, and vulnerability maps. The Topology Viewer also imports and converts Open Vulnerability Assessment Language (OVAL) vulnerability files for upload into SecurityCenter.

PV Scanner

The PVS monitors network traffic in real-time. It determines server and client side vulnerabilities and sends these to Security Center in real-time. It continuously looks for new hosts, new applications and new vulnerabilities without requiring the need for active scanning.