The Defense Information Systems Agency (DISA) now offers service product packages to mission-partner authorizing officials to provide a holistic view of their information systems risk posture. The packages help ensure compliance for mission partners who have programs and systems hosted within the DISA computing ecosystem.
Control Correlation Identifiers (CCIs) within the service packages allow high-level policy framework requirements to be decomposed and associated with low-level security settings to determine compliance with the objectives of that specific security control.
“We are providing mission partners options based on their requirements and elected services. We are also saving mission partners time and resources by leveraging our tested, validated and compliant CCIs,” explains Stephanie Watt, chief of the cyber controls section, Computing Ecosystem’s Cyber Services Line of Business, in a DISA statement.
For example, mission partners on virtual operating environments have an option to select Service Package 4 or 5, which is “secure at will.” This enables DISA to make changes based on mission partner-directed configurations and the ability to secure at will…
