Tucson Military and Government IT: DISA STIG and CMMC-Compliant Networks

Tucson, Arizona has a deep and long-standing relationship with the US military and defense industry. Davis-Monthan Air Force Base, Raytheon Technologies, L3Harris, and numerous defense subcontractors operate in the region — creating a significant market for DoD-compliant IT infrastructure. Working in or near the defense industrial base requires understanding standards that are far more prescriptive than commercial IT best practices.

DISA STIG Compliance

The Defense Information Systems Agency (DISA) publishes Security Technical Implementation Guides (STIGs) for virtually every piece of commercial IT equipment used in DoD environments. Network-related STIG requirements: - All switches and routers must have SNMP communities changed from defaults and SNMPv3 enabled - Unused switch ports must be disabled and placed in a native VLAN that is not used for data - Spanning tree portfast must be disabled on all trunk ports - Banner messages required on all network devices — specific DoD warning language required - Logging must go to a centralized syslog server with 3-year retention minimum - FIPS 140-2 validated cryptography required for all communications

CMMC 2.0 Level 2 for Defense Contractors

Raytheon's supply chain includes hundreds of Tucson-area SMBs that now face Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements to maintain DoD contracts. Level 2 (Intermediate) requires implementation of all 110 NIST SP 800-171 practices: - Multi-factor authentication for all accounts — hardware-based FIPS-compliant tokens required for privileged access - Controlled Unclassified Information (CUI) must be on encrypted storage and transmitted only over authenticated encrypted channels - System and communication protection requires FIPS-validated encryption - Network access control — only authorized devices may connect to networks carrying CUI

Classified Network Infrastructure (SIPRNET)

Contractors with security clearances who work directly with classified information may need to support SIPRNET (Secret Internet Protocol Router Network) connections: - SIPRNET requires physical separation from unclassified networks — no shared equipment - KG-series crypto devices (NSA-approved) are required for any internet-facing classified communications - Tempest shielding of network equipment in some facility classifications - SIPRNET work requires FSO (Facility Security Officer) involvement and DSS accreditation

Davis-Monthan AFB Contractor Compliance

Companies with active work on the Davis-Monthan installation must meet base network access requirements for contractor IT systems: - Only CAC (Common Access Card)-enabled systems may connect to base networks - All contractor laptops brought on base must have DoD Antivirus and HBSS (Host-Based Security System) installed - No personal devices (BYOD) permitted on base networks - VPN connections to base systems require NSA-approved solutions

Summit DNC is building relationships within the Tucson defense industrial base and pursuing CMMC readiness certification to serve DoD contractor clients. Contact us to discuss your compliance network requirements.