DISADefense Information Systems Agency
Part of Department of Defense (DoD)
Annual Spend
$12B+ annually
CMMC Level
Level 2-3
Key Offices
DITCO, PEO Enterprise Services
Overview
DISA provides IT and communications support to the DoD, managing over $12 billion annually in enterprise IT services, cloud computing, and cybersecurity capabilities. DISA operates the ENCORE III and Encore IV IDIQ contracts for enterprise IT services.
Mission Focus & Priorities
DISA's FY2026 priorities center on four critical modernization initiatives driving the majority of their $12B+ annual spend. First, the Enterprise Infrastructure Solutions (EIS) transition continues as DISA migrates from legacy Networx contracts, with $2.8B allocated for network modernization and the Joint Regional Security Stack (JRSS) program. Second, cloud migration acceleration through the milCloud 2.0 program and DoD Enterprise DevSecOps Reference Design implementation, targeting 80% cloud-first by FY2026 with $1.9B in dedicated funding. Third, AI/ML integration via the Encore III contract vehicle, specifically the Defense Information Systems Network (DISN) AI initiative and Purebred certificate-based authentication enhancements, representing $800M in new technology investments. Fourth, zero trust architecture implementation across the Defense Information Technology Contracting Organization (DITCO) portfolio, mandating NIST 800-207 compliance for all new awards exceeding $50M. The Defense Spectrum Organization (DSO) and Global Information Grid (GIG) directorates generate 60% of contract opportunities, while the Risk Management Framework (RMF) office drives cybersecurity requirements. Emerging growth areas include quantum-resistant cryptography ($340M), 5G network slicing for tactical environments ($280M), and software-defined perimeter technologies ($190M). CMMC 2.0 is reshaping DISA procurement by mandating Level 2 certification for all Controlled Unclassified Information (CUI) handling contracts, affecting 75% of their enterprise IT services portfolio and requiring enhanced supply chain risk management documentation.
Budget & Spending Trends
DISA's FY2025 budget of $12.3B represents a 7.2% increase from FY2024's $11.5B, with FY2026 projections reaching $13.1B driven by accelerated IT modernization mandates. The largest growth occurs in NAICS 541511 (Custom Computer Programming Services) with a 12% YoY increase to $3.2B, and NAICS 541512 (Computer Systems Design Services) growing 9% to $2.8B. Declining categories include NAICS 517110 (Wired Telecommunications Carriers) dropping 8% to $890M as legacy network contracts sunset. The prime-to-subcontract ratio shifted from 65/35 in FY2024 to 62/38 in FY2025, indicating increased subcontracting complexity for specialized cybersecurity and AI capabilities. Small business set-asides represent 31% of total obligations ($3.8B), with 8(a) program participation increasing 15% to $980M. Service-Disabled Veteran-Owned Small Business (SDVOSB) awards grew 18% to $720M, while HUBZone participation remained steady at $290M. Geographic concentration shows 45% of contract value in the National Capital Region, 18% in Colorado Springs (NORTHCOM/NORAD support), 12% in Tampa (CENTCOM), and 25% distributed across other COCOM locations. Operating expenses increased 6% to $4.1B, while procurement accounts grew 8% to $8.2B, reflecting the shift toward commercial cloud services and away from government-owned infrastructure.
How to Win Contracts with DISA
DISA heavily favors specific contract vehicles for different requirement types: Encore III ($17.5B ceiling) for enterprise IT services and emerging technologies, GSA IT Schedule 70 for commercial software and cloud services under $5M, NASA SEWP V for hardware and integrated solutions, and NITAAC CIO-SP3 for large-scale IT transformation projects. Target the Defense Information Technology Contracting Organization (DITCO) at Scott Air Force Base for enterprise-wide opportunities, the Global Information Grid Convergence (GIG-C) office for network modernization, and the Defense Red Switch Network (DRSN) program office for classified communications. Effective SAM.gov searches should focus on NAICS 541511, 541512, and 518210 with PSC codes D307 (IT and telecom), D399 (other IT services), and R425 (support services). Apply set-aside filters for 8(a), SDVOSB, and small business opportunities, particularly those exceeding $1M but under $10M where competition is manageable. Past performance requirements typically demand three contracts of similar scope within the last five years, with preference for DoD customers and cleared personnel. DISA procurement cycles average 8-12 months for major programs, with technical evaluation weighted 60%, past performance 25%, and price 15%. This week's actionable steps: (1) Register for DISA Industry Day events via beta.sam.gov and DITCO website notifications, (2) Review active Encore III task order competitions on SAM.gov using keyword searches for 'DISA' and 'Defense Information Systems,' (3) Identify teaming partners with complementary CMMC Level 2 certifications and clearances, (4) Submit capability statements to prime contractors holding Encore III positions, and (5) Attend the monthly DISA Small Business Industry Outreach sessions to build relationships with contracting officers and program managers.
CMMC Requirements for DISA Contractors
DISA mandates CMMC Level 2 certification for all contracts involving Controlled Unclassified Information (CUI), affecting approximately 85% of their IT services portfolio including cloud hosting, enterprise applications, and network operations valued at $10.4B annually. Level 1 requirements apply only to basic IT support services without CUI access, representing roughly $1.9B in lower-tier maintenance and help desk contracts. DISA plans phased CMMC clause inclusion beginning Q2 FY2025 for new solicitations over $5M, with full implementation by Q4 FY2025 for all contract actions. The agency's Risk Management Framework (RMF) office serves as the early CMMC adopter, already requiring Level 2 certification for 12 active solicitations totaling $340M. Subcontractor flowdown requirements are particularly stringent, with primes required to verify CMMC compliance for any subcontractor handling CUI regardless of contract tier, creating a 15-20% cost premium for supply chain management. DISA's compliance culture emphasizes continuous monitoring and assessment, with evaluation criteria allocating 20-25% weight to cybersecurity posture and CMMC readiness even before formal certification requirements. The agency estimates CMMC compliance will add $45-65 per hour to loaded labor rates for cleared technical personnel and $12-18M annually in organizational overhead for large system integrators. Geographic implications favor contractors in CMMC-dense regions like Northern Virginia, Colorado Springs, and San Antonio where certified assessment organizations are readily available.
Top NAICS Codes
Common Contract Types
Key Procurement Offices
Recent Contract Awards
Total Awards
70
Last 30 Days
18
30-Day Value
$2.5M
Avg Amount
$140K
All-Time Value
$23.5B
FPDS
| Contract | Awardee | Amount |
|---|---|---|
| AWARD NOTICE: Requirement to start a 10GB unprotected, unchannelized Ethernet commercial lease Intra-Europe and SWA. | GULFNET COMMUNICATIONS CO. WLL. | $683K |
| AWARD NOTICE: Requirement to start a 10.709 GB commercial lease Intra-Europe. | Combridge SRL | $362K |
| AWARD NOTICE: Requirement to start a 10.709 GB commercial lease Intra-Europe. | Combridge SRL | $180K |
| AWARD NOTICE | Business Automation Technologies Inc. | $48K |
| AWARD NOTICE | Business Automation Technologies Inc. | $31K |
| AWARD NOTICE: Requirement to start a 100 MB dedicated commercial lease between Europe and Southwest Asia | Combridge SRL | $65K |
| AWARD NOTICE: Requirement to Start a 10.709 GB commercial lease Intra-Europe. | Combridge SRL | $123K |
| AWARD NOTICE: Requirement to Start a 10.709 GB commercial lease Intra-Europe. | Combridge SRL | $164K |
| AWARD NOTICE | AOC Connect, LLC | $54K |
| AWARD NOTICE | OneVoice Government Solutions LLC | $76K |
Top Awardees
Top Contractors (FPDS)
| Contractor | Total Obligation |
|---|---|
| DELL MARKETING L.P. | $1.3B |
| INSIGHT PUBLIC SECTOR, INC. | $1.1B |
| DELL FEDERAL SYSTEMS L.P | $1.0B |
| AT&T ENTERPRISES, LLC | $699.1M |
| CARAHSOFT TECHNOLOGY CORP | $673.9M |
| MCI COMMUNICATIONS SERVICES LLC | $525.6M |
| VERIZON BUSINESS NETWORK SERVICES LLC | $516.0M |
| PERATON GOVERNMENT COMMUNICATIONS INC. | $480.8M |
| INMARSAT GOVERNMENT, INC. | $439.4M |
| ARTEL LLC | $400.3M |
Get real-time alerts for DISA contracts and track opportunities matching your profile.
Get AlertsFrequently Asked Questions
How do I find contracts with DISA?
Search SAM.gov for active Defense Information Systems Agency solicitations. Monitor the DISA procurement forecast published annually. Register in the System for Award Management (SAM.gov) and set up saved searches for relevant NAICS codes.
Does DISA require CMMC?
Yes, Defense Information Systems Agency requires CMMC certification for contracts involving CUI. Most contracts require Level 2-3. Contractors should begin the certification process well in advance of bidding.
What are the top NAICS codes for DISA contracts?
The most commonly used NAICS codes for Defense Information Systems Agency contracts include 541511, 541512, 541519, 518210, 541330. These codes cover the primary contracting areas for DISA. Check SAM.gov for specific opportunities under each code.
Related Guides
Free Compliance Tools
Find who's winning DISA contracts
Use our free Contractor Lookup to see top awardees, NAICS trends, and upcoming opportunities.
Look Up Contractors FreeTrack Defense Information Systems Agency contract awards with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. 14-day free trial.
Start Free — 14 Days