Skip to content
Fiscal Receipts

Information Systems Security

DISAProcurementPartial Reconciliation09
What it is
Information Systems Security — a procurement program run by DISA.
What changed
No FY25→26 comparison — trajectory data incomplete for this line.
Who gets it
No award linkage at high confidence.

Budget Figures

FY24 Actuals
$10.0M
FY25 Total
FY26 Request
$6.25M
FY25→26 Change
Budget Trajectory
FY24: $10.0MFY26: $6.25MFY24FY26
FY24
$10.0M
FY26
$6.25M

FY2026 award data is a partial year — USASpending awards are reported on a rolling basis and the fiscal year does not close until September 30. why partial FY2026 data? →

No research dossier for this program — dossiers cover 50 of 462 programs, the largest fully J-book-detailed lines by FY2026 requested dollars. why no dossier here? →

Budget Line Items(workbook-cited)

Exhibit P-1

AccountOrgTypeAmount
Procurement, Defense-WideDISAFY24 Actuals$10.0M
Procurement, Defense-WideDISAFY25 Enacted$25.4M
Procurement, Defense-WideDISAFY26 Disc. Request$6.25M
Procurement, Defense-WideDISAFY26 Total$6.25M

Budget Details(R-2/P-40 facts)

ProjectAll Prior YearsFY24 ActualsFY25 TotalFY26 BaseFY26 Request
Program Element$104.0M$10.0M$25.4M$6.25M$6.25M

Program Narratives

DescriptionInformation Systems Security Program (Cyber Security & Analytics)

Cyber Security & Analytics (CS&A) enables mission operations for global partners and the warfighter by providing communications through the delivery of optimized cyber infrastructure solutions. The purpose of CS&A is to provide strategic, innovative, and superior cyber infrastructure to Department of Defense (DoD) missions. Cyber Security & Analytics ensures enterprise services support a joint information assurance model that allows for enhanced collaboration in support of the warfighter to counteract evolving cybersecurity threats. The joint information assurance model manages risks related to the use, storage, and transmission of information and supports a broad range of information sharing policies across the unclassified and classified communities. Capabilities provided include: • Cyber Analytics: Builds and provides Department level cyber analytics and tools to enhance DoD cyber information sharing for agile and adaptive response in defending the Department of Defense Internet Networks (DoDIN). Capabilities include providing a sensor network, which is a group of sensors where each sensor monitors data in a different location and sends that data to a central location for storage, viewing, and analysis. • Enterprise Perimeter Defenses: The primary cyber defense layer between the Internet and Non-Classified Internet Protocol Router Network (NIPRNet) provides network protection across the DoD enterprise and against the two largest threat areas (web and email attacks). Additionally, the Perimeter provides specialized methods used to share and protect classified defense and intelligence information with non-DoD mission partners. Perimeter Defense capabilities include: • Enterprise Break & Inspect (EBI): Decrypts and re-encrypts NIPRNet web requests to allow Defensive Cyber Operation tools (tools that protect data, networks, and capabilities) to inspect encrypted information. • Cross Domain Enterprise Service (CDES): Facilitates the transfer of data between different security domains. CDES is implementing, fielding, and providing lifecycle support for cross domain solution technologies. These technologies provide secure and interoperable capabilities throughout the DoD. • Legacy Sharkseer: Detects and mitigates vulnerabilities and persistent cybersecurity threats. Sharkseer also enables the ability to generate and share threat information with other mission partners. This improves situational awareness, helps improve incident response time, and improves deterrence against cyber-attacks. The FY 2024 National Defense Authorization Act (NDAA) called for Perimeter Modernization, which impacts the lifecycle plans for Sharkseer. Defense Information Systems Agency (DISA) is developing and implementing plans to modernize the DoD Perimeter, which negates the legacy Sharkseer capability since Sharkseer does not provide suitable capability to meet FY 2024 NDAA requirements. Sharkseer will remain in sustainment until a replacement solution is put into place. DISA is no longer planning Sharkseer tech refresh or expending procurement funds on Sharkseer and is focusing on strengthening the overall perimeter. • Perimeter Modernization (SIPR REL): Provides secure access to Secret Internet Protocol Router Network (SIPRNet) for Five Eye partners. SIPR REL is a gateway that allows five-eye mission partners to access SIPR. SIPR REL facilitates the sharing of classified defense and intelligence information between the Five Eyes. Empowering allies and partners to act as combat multipliers, enhancing overall capabilities and readiness supports the SECDEF's priority to Reestablish Deterrence by Defending the Homeland. • Endpoint Security: Develops, delivers, and provides administrative reporting and a common operational picture in support of the DoD Information Networks (DoDIN). Capabilities include all endpoint security functions and master endpoint record data elements to enable DISA to ensure component cyber commands are protecting DoD endpoints and limiting risks by quarantining devices that fail to comply with the standards. • Thunderdome: DISA's Zero-Trust Architecture, which provides an enhanced set of security capabilities that help defend and guard our systems against sophisticated adversaries. Zero Trust continually validates user credentials at every stage of a digital interaction. Thunderdome modernizes DISA's cybersecurity infrastructure to significantly improve security posture and user access by enabling dynamic, adaptable security. DISA is deploying Thunderdome in support of DoDNet Migration efforts. This enables the Defense Agencies and Field Activities (DAFAs) to be Zero Trust compliant from Day 1 and has accelerated DISA's planned purchases of Software Defined Wide Area Network (SD-WAN) units. SD-WANs are the primary technology DISA needs to procure to implement Zero Trust. SD-WANs enable Thunderdome to simplify user access by leveraging cloud capabilities and eliminating the need for a traditional Virtual Private Network (VPN) to access the Internet or DoD's network and provide Zero Trust protection to safeguard DoD Networks from intrusion by adversaries.

JustificationInformation Systems Security Program (Cyber Security & Analytics)

FY 2024: $10.012M - Continued to procure software licenses and hardware/software upgrades necessary for reducing vulnerabilities of the DoD Network. This prevents exploitation by hackers and adversaries to disrupt missions and improves the warfighter's ability to safely share information across DoD's classified and unclassified networks. In FY 2024, DISA acquired the following capabilities: • Cyber Analytics – Technical Refresh: $1.459M - FY 2024 funding supports 12 EndaceProbes, which DISA will deploy at the Internet Access Points (IAP) to increase their capacity by 20 Gigabits per second (GBps). Deployment of the EndaceProbes shall increase the current deployed EndaceProbes population to 76 total probes by the end of FY 2025. The DISA will purchase one EndaceProbe with FY 2023 funding, 12 EndaceProbes with FY 2024 funding, and 15 EndaceProbes with FY 2025 funding for 28 total EndaceProbes. The EndaceProbe is an appliance that provides an accurate, full packet capture capability while simultaneously hosting and integrating with network and application performance monitoring tools. The deployment of additional EndaceProbes provides expanded records of network history across the architecture to solve cybersecurity, network, and application issues. • Enterprise Perimeter Defense – Technical Refresh: $4.068M - Funding supported technical refresh of all 10 DISA-owned IAP locations with a focus on Web Content Filtering. Tech Refresh focused on the 10 DISA locations to work towards fulfillment of the FY24 NDAA requirements for Enterprise Perimeter Defense. Funds from the sunsetting Sharkseer capability were utilized to initiate efforts to meet FY 2024 NDAA directed requirements. • Thunderdome: $4.485M - Procured 51 software-defined wide area networks (SD-WAN) units to deliver capabilities to DISA and Defense Agencies and Field Activities (DAFAs) to include the Defense Contract Audit Agency and Defense Contract Management Agency (DCMA). SD-WAN units provide critical software-defined routing of traffic and Zero Trust conditional access to critical data and resources. Note: DISA has expanded SD-WAN needs due to the pace of DoDNet Migrations and internally allocated additional FY 2024 procurement funds to SD-WANs/Thunderdome. FY 2025: $25.392M - Support planned continued procurement of hardware/software upgrades and complete technical refresh of Cyber Analytics, Enterprise Perimeter Defense, Endpoint Security, and Thunderdome Capabilities. These efforts are critical to evolving and expanding cyber capabilities and to meeting mission requirements to include FY24 NDAA directed efforts. These critical efforts are allowing DISA to execute DAFA Migrations to zero trust, increase Full Packet Capture and Performance Monitoring, and expand data compliance efforts across the DISA and the DoD In FY 2025, DISA will acquire the following capabilities: • Cyber Analytics: $1.903M - FY 2025 funding supports 15 EndaceProbes, which DISA will deploy at the IAPs to increase their capacity by 20 GBps. These efforts will increase the current EndaceProbe population to 76 by the end of FY 2025. DISA will purchase one EndaceProbe with FY 2023 funding, 12 EndaceProbes with FY 2024 funding, and 15 EndaceProbes with FY 2025 funding for 28 total EndaceProbes when planned procurements are completed. EndaceProbe is a critical appliance that provides an accurate, full packet capture capability, while simultaneously hosting and integrating with network and application performance monitoring tools. The EndaceProbe capability also provides a critical network recordation history capability to solve cybersecurity, network, and application issues. • Perimeter Defense – SIPR REL: $3.959M - Supports critical tech refresh for the SIPR REL function within the Perimeter Defense capability with planned procurement of network switches at four sites and a lab (five total). This effort supports sharing of classified and intelligence information with Five Eye mission partners. Note: DISA continues to focus on broader Enterprise Perimeter Defense capabilities, specifically SIPR REL (vice Sharkseer as planned during the FY 2025 PB) due to the direction received in the FY 2024 NDAA. • Endpoint Security - Comply 2 Connect (C2C): $2.081M - Funding is to procure licensing to support the roll up of the department's Comply 2 Connect data across multiple platforms. • Thunderdome: $17.449M - Procure an additional 414 software-defined wide area networks (SD-WAN) units to expand capabilities to Defense Agencies and Field Activities (DAFAs) such as Defense Threat Reduction Agency (DTRA) and Defense Logistics Agency (DLA). SD-WAN units enable routing traffic to/from remote locations securely and efficiently. 291 SD-WAN units have already been procured as of December 2024. Note: DISA has expanded SD-WAN needs due to the pace of DoDNet migrations and is allocating all FY 2025 Thunderdome procurement funds to required SD-WAN units. Thunderdome has a low unit cost in FY 2025 due to bulk purchasing discounts. Explanation of Change from FY2024 to FY 2025: $15.380M - The total increase is primarily due to Thunderdome. DISA is aggressively moving DAFAs to the Thunderdome in FY 2025 and needs sufficient procurement funding to support these migrations. FY 2026: $6.254M - Complete work on SIPR REL and initiate Enterprise Perimeter – EBI tech refresh to comply with FY 2024 NDAA. • Perimeter Defense – SIPR REL: $2.133M - Obtain F5 Hardware and software/ licensing to continue supporting sustainment of enhanced authentication to SIPR via SIPR REL. The same four sites and lab (five total) receiving FY 2025 tech refresh require HW/SW to be fully operational in FY 2026. • Enterprise Perimeter Defense: $4.121M - Funding supports critical tech refresh for the EBI Function within the Enterprise Perimeter Defense Capability with planned procurement of F5 hardware and software licenses at 2 of 10 DISA IAP locations. This effort will increase decryption throughput of outbound traffic at two of the 10 DISA IAP Locations. The EBI Capability also provides critical analysis of incoming and outbound data to detect cyber security threats. These tech refresh efforts will allow for critical updates of crucial F5 System Level Components. Note: DISA continues to focus on broader Enterprise Perimeter Defense Capabilities (vice Sharkseer as planned during the FY 2025 PB) due to the direction received in the FY 2024 NDAA. Explanation of Change from FY 2025 to FY 2026: -$19.138M - Decrease due to decreased tech refresh requirements for Endpoint Security Capabilities as it enters sustainment, completion of EndaceProbe requirement, and the concluding of Thunderdome SD-WAN roll out. Performance Metrics: 1. Cyber Analytics - Tech Refresh: EndaceProbes purchased. FY 2024 Planned: 12 of 76 / Estimated Actual: 0 of 76. There are 28 remaining probes to purchase. DISA has already purchased 48 probes. DISA will execute a bulk procurement in FY 2025 to purchase the remaining 28. One will be purchased with FY 2023 funds, 12 with FY 2024 funds, and 15 with FY 2025 funds. FY 2025 Planned: 15 of 76. DISA will have all 76 probes at the end of FY 2025. FY 2026 Planned: N/A 2. Enterprise Perimeter Defense – Technical Refresh: Number of locations receiving technical refresh updates. FY 2024 Planned: 13 of 13 Locations to receive firewall and network device refresh / Actual: 10 DISA IAP Locations - Tech Refresh Web Content Filter Router Assets at all 10 DISA IAP Locations per Senior Leader Direction. Note: This refresh targets Enterprise Perimeter Defense rather than Sharkseer due to the FY 2024 NDAA requirements. FY 2025: N/A - No further tech refresh planned. FY 2026: N/A 3. Perimeter Defense FY 2024: N/A FY 2025 Planned: N/A FY 2026 Planned: 2 of 10 Locations to receive planned F5 Break and Inspect Device Tech Refresh. 4. Endpoint Security FY 2024 Planned: 1 of 1 HW/SW Procurement / Estimated Actual: 0 of 1 HW/SW Procurement. Deferred to FY 2025 as part of a consolidated procurement effort. FY 2025 Planned: 1 of 1 HW/SW Procurement. FY 2026 Planned: N/A 5. Thunderdome: Number of SD-WAN units procured. FY 2024 Planned: 44 of 213 (cum. 44 of total 213) SD-WAN units Actual: 51 SD-WAN Units (cum. 78 of 492) Note: Cum total includes 27 SD-WAN units purchased with FY 2023 procurement funds. FY 2025 Planned: 414 of 492 (cum. 492 of total 492) SD-WAN units / 291 SD-WAN units have already been procured as of December 2024. FY 2026 Planned: N/A

No follow-the-dollar view — this program's awards haven't been crosswalked at high confidence (flows cover 17 of 462 programs). why coverage is partial? →

Primary Sources