DISN Technical Fundamentals

The DISN has the following generalized components:

• Long-haul transport (Wide Area Network (WAN))
• Components to manage/operate the long-haul transport
• Services that are enabled on the long-haul transport (Network-Enabled Services)
• Enclaves that derive access to the network-enabled services by connecting Local Area Networks (LANs) to the WAN to gain access to WAN services; enclaves may include voice, video, email, Web access, and other services in the local environment; enterprise-level services, such as Cross Domain Enterprise Services, Defense Enterprise Computing Centers (DECC), Network Operations Centers (NOC), Teleport, etc.

 

DISN Partners

There are two types of partners that connect to the DISN to utilize its networks/services: DoD and non-DoD. DoD partners are DoD Combatant Commands, Military Services and Organizations, and Agencies (DoD CC/S/A/), collectively referred to as “DoD Components.” Per Reference (ref a) in the REFERENCES Appendix, non-DoD mission partners and defense contractors include all organizations and entities that are not components of the DoD. This includes: contractors and federally funded research and development centers; other U.S. government federal departments and agencies; state, local, and tribal governments; foreign government organizations/entities (e.g., allies or coalition partners); non-government organizations; commercial companies and industry; academia (e.g., universities, colleges, or research and development centers); etc. Non-DoD mission partners must have a validated requirement approved by a sponsoring CC/S/A or field activity headquarters and approval from the DOD CIO/DoD Chief Information Officer (CIO)). In addition, all DISN partners must have a Computer Network Defense Service Provider (CNDSP) for their Information System.

DISN Networks/Services and Connections

The DISN offers classified and unclassified voice, video, and data services to its partners. A detailed description of each of the services via DISA Direct is available at the following website: https://www.disadirect.disa.mil/products/asp/welcome.asp.

Request Fulfillment

Partners requiring a new connection to the DISN and its services must use the DISA Direct Order Entry (DDOE) request fulfillment process to initiate the provisioning requirement and circuit activation (go to https://www.disadirect.disa.mil/products/asp/welcome.asp for further information and guidance). The Telecommunications Service Request (TSR) and Telecommunication Service Order (TSO) processes involve the ordering, engineering, acquisition, and installation of the circuit and equipment necessary to connect to the DISN. Request fulfillment may only be initiated by a DoD entity. A DoD CC/S/A entity may sponsor a non-DoD mission partner, but the DoD sponsor remains responsible for all request fulfillment actions to include but not limited to completing and/or assisting the non-DoD mission partner with Certification and Accreditation (C&A) requirements. See sponsor memo located on our Policy, Guidance and Briefings page, or you can download a copy of the sponsor memo.

DISN Network/Service Specific Requirements

While all DISN networks/services follow similar connection process steps, there may be network/service-specific requirements for requesting and obtaining a connection, e.g., registering the connection request in an IS/database dedicated to that network/service and/or ensuring components are listed on the DoD Approved Products List (APL) prior to purchase or lease, as designated in each network/service-specific appendix. The common connection process steps are presented in sections 3-6, while any unique network/service-specific requirements are provided in the appendices.

Certification and Accreditation (C&A)

All ISs, including network enclaves connecting to the DISN, require certification and accreditation in accordance with an appropriate and acceptable process. For new and additional connections, the IS C&A process should be initiated parallel to or soon after beginning the request fulfillment process. For reaccreditations, the partner should initiate IS reaccreditation actions with sufficient time prior to expiration of the current accreditation and connection approval to prevent a potential circuit disconnect recommendation. Expiration notices are sent to the POC’s for the subject IS every 30 days starting 90 days prior to the expiration.

DoD CC/S/As and field activities must execute the DoD Information Assurance Certification and Accreditation Process (DIACAP). For non-DoD mission partners and defense contractors, the appropriate C&A process (i.e., DIACAP, NISPOM, NIST, DCID, etc.) depends on the type of non-DoD mission partners and defense contractor and the network/service to be accessed. At the completion of the C&A process, the Designated Accrediting Authority (DAA), Chief Information Officer (CIO), or Authorizing Official issues an accreditation decision in the form of an Authorization to Operate (ATO), Interim ATO (IATO), or Interim Authorization to Test (IATT). This artifact (for DIACAP actions it’s the signed Scorecard) is required in the Connection Approval Process (CAP) package before an Approval to Connect (ATC) or Interim ATC (IATC) can be issued by the DISN Connection Approval Office (CAO).

Connection Approval Office (CAO)

The Enterprise Connection Division’s Information Assurance (IA) Branch includes two functional areas: Connection Approval and Cross Domain Solutions (CDS). The CAO is responsible for processing GIG waivers, performing SIPRNet enclave scans and reviewing and approving all routine DISN connection requests, which are primarily addressed in this CPG. The CAO also receives some other types of connection requests that are not routine; they involve a higher level of risk to the DISN than the CAO is authorized to accept. The CDS team reviews Cross Domain requests and analyzes the threat posed to the GIG, assigns a Grid Connectivity Threat rating, and prepares cross domain tickets to be presented to the CDTAB (Cross Domain Technical Advisory Board). Those requests (e.g., CDS) are reviewed/approved by the Defense IA/Security Accreditation Working Group (DSAWG), and in cases of even higher risk, by the DISN/GIG Flag Panel.

Connection Approval Process (CAP) Package

Connection requests are sent to the CAO in the form of a CAP package. These packages provide the CAO the information necessary to make the connection approval decision. The baseline requirements for what must be included in the CAP package depend on whether the partner is DoD or non-DoD and whether the connection is new or due for reaccreditation. There may also be additional requirements, depending on the specific DISN network/service the partner needs to access. The baseline requirements are provided in sections 3-6 of this guide. Any additional network/service-specific requirements are provided in the appendix that corresponds to that specific network/service.

Risk Assessment

As an integral part of the connection approval process, the CAO conducts an initial assessment of the risk that a new or reaccreditation connection presents to the DISN. Risk assessments are based on the level of partner compliance with governance, DISA/FSO Security Technical Information Guides (STIGs) and on-site and remote compliance monitoring and vulnerability assessment scans, DSAWG/Flag Panel decisions, etc.

When non-compliance issues are identified and confirmed, the CAO works with the partner and others to validate and correct the weaknesses that generated the risk. Weaknesses can include, among other elements, incomplete and/or incorrect information submitted as part of the CAP package documentation and artifacts.

Connection Decision

After the CAP package is reviewed and the risk assessment conducted, the CAO makes a connection decision and notifies the partner. Partners approved for connection to the DISN are granted either an ATC or an IATC, which is normally assigned an expiration date to coincide with the Authorization Termination Date (ATD) of the partner IS ATO or IATO. In the event of a high risk assessment for a new connection, the CAO works with the partner to address the issue until the risk can be downgraded or mitigated, allowing the issuance of an ATC or IATC.

The process for network/service request fulfillment and approval of a connection to the DISN or service varies depending on: 1) whether the partner is a DoD CC/S/A or a non-DoD mission partner; 2) whether the request is for a new connection or a reaccreditation; and 3) what network/service is being accessed. When requesting network/service request fulfillment and approval of a connection to the DISN or service, the process varies depending on partner type and partner requirements. The CPG is broken up into four process sections based on partner type and connection type. Each section describes the connection process requirements and steps that are common to all networks/services specific to the Partner Connection profile. The four process sections are:

• DoD
• DoD NEW CONNECTION PROCESS
• DoD REACCREDITATION PROCESS
• Non-DoD Mission Partner or Defense Contractor
• NON-DoD NEW CONNECTION PROCESS
• NON-DoD REACCREDITATION PROCESS

Regardless of whether or not the partner is DoD or non-DoD, to initiate the connection process, the partner must first determine if this is a requirement for a new connection or a re-accreditation.

After you have reviewed the process for your Partner connection profile, proceed to the appropriate appendices that identify the specific DISN Service connection for additional requirements and guidance. The appendices also include waiver processes, exception processes, templates, points of contact tables, references, and acronym lists.