DISA Vendor STIG Consulting

Tachyon Dynamics provides unparalleled consulting service for product manufacturers to develop and author their own Defense Information Systems Agency (DISA) Vendor Security Technical Implementation Guidance (STIG). DISA has a method for vendors to use source material like the DISA Security Requirements Guides (SRG) to publish STIGs that DoD sites will use to harden and configure their systems for internal site accreditation.

With the discontinuation of the DoDIN Approved Products List (APL) as a pre-procurement certification program, a DISA Vendor STIG has become the primary path for vendors seeking to demonstrate cybersecurity compliance to the Department of Defense.

Our 7-Step Process

  1. Gap Analysis – Provide a detailed and robust Gap Analysis for systems that have not participated in the DoDIN APL. If the hardware or software has never gone through rigorous DoD testing, Tachyon Dynamics provides an environment to assess vendors that will be required for STIG implementation.
  2. DISA Coordination – Interface with the DISA Risk Management Element (RME) supervising STIG creation.
  3. SRG Extraction – Extract all SRGs deemed applicable by DISA. These could include the General Purpose Operating System SRG, Network Device Management SRG, Application Core SRG, or numerous others depending upon the overall solution discovered during the Gap Analysis.
  4. Content Development – Develop repeatable and testable "check content" and "fix text" for every applicable control.
  5. DISA Submission – Submit completed and vendor-approved content to DISA.
  6. Finalization – Facilitate finalization, completion, and feedback inclusion with the vendor and DISA.
  7. Maintenance – Provide maintenance updates to DISA as SRGs and vendor software change.

Why Choose Tachyon Dynamics?

Our engineers have authored more DISA Vendor STIGs than any other consulting firm in the industry. We know the DISA RME process inside and out — what reviewers look for, common rejection reasons, and how to get your STIG approved on the first submission cycle. Our clients include some of the largest names in enterprise networking, cybersecurity, and storage.

Ready to get your DISA Vendor STIG? Reach out and let us know how we can help.

7-Step STIG Process

  1. Gap Analysis – TDI identifies gaps for needed features. Vendor provides fixes.
  2. Vendor STIG Intent Form – TDI solicits vendor input. Obtains DoD sponsor verification. Submits form.
  3. Planning – Intro meeting with DISA. VEA makes go/no-go decision.
  4. Development – Vendor orientation meeting with DISA. STIG development. Check and fix text up to final draft. DISA makes go/no-go decision.
  5. Validation – DISA reviews all content. DISA Contractor simulates/validates in their labs. Final STIG content drafted.
  6. Final Review & Publication – DISA review and approval. Vendor notification. STIG publication.
  7. STIG Maintenance – Provide updates to STIG content as changes are made to the SRGs. Provide updates to STIG content as there are changes to software/hardware.