Hacker News
by _slih 85 days ago
Telling users on a cybersecurity website to click past certificate warnings is training them to do the exact thing every security awareness program says never to do. DISA runs the security standards that every defense contractor has to comply with...
1 comment

The requirements for vendors are based on NIST standards and frameworks. They do not have to apply DISA STIGs to their own systems. And the mandatory annual cybersecurity awareness training for anyone with a CAC does include teaching users not to click through these warnings. DoD users wouldn't typically see this page at all.