Updates!
IAVM to CVE Mapping Spreadsheet - Updated October 19, 2012
Draft Mobile Policy SRG, Version 1, Release 0.2 - October 19, 2012
STIG Viewer Beta - Version 1.1.2 - October 19, 2012
IAVM 2012 - Benchmark (HBSS Only) (*PKI) - Updated October 15, 2012
Draft Traditional Security STIG - Updated October 15, 2012
Draft Application Server SRG, Version 1, Release 0.2 - Updated October 11, 2012
Mobile OS SRG, Version 1, Release 1 - Updated October 10, 2012
Google Chrome STIG - Version 1, Release 0.5 Draft - Updated September 28, 2012
Draft Mobile Applications SRG, Version 1 - Updated September 27, 2012
Draft Mobile Applications SRG, Version 1 TIM Memo - Updated September 27, 2012
Draft Mobile Applications SRG, Version 1 Comment Matrix - Updated September 27, 2012
IAVM 2012 - Benchmark (HBSS Only) (*PKI) - Updated September 21, 2012
IAVM to CVE Mapping Spreadsheet - Updated September 21, 2012
2012 STIG TIM and DSAWG Schedule - Updated September 21, 2012
UNIX Manual SRG, Version 1, Release 2 - Updated September 19, 2012
UNIX Policy Manual SRG, Version 1, Release 2 - Updated September 19, 2012
IAVM to CVE Mapping Spreadsheet - Updated September 14, 2012
AIX 5.3 IAVM, Version 1, Release 1 - Updated September 13, 2012
AIX 6.1 IAVM, Version 1, Release 1 - Updated September 13, 2012
HP-UX 11.23 IAVM, Version 1, Release 1 - Updated September 13, 2012
HP-UX 11.31 IAVM, Version 1, Release 1 - Updated September 13, 2012
RHEL 5 IAVM, Version 1, Release 1 - Updated September 13, 2012
Solaris 9 SPARC IAVM, Version 1, Release 1 - Updated September 13, 2012
Solaris 9 x86 IAVM, Version 1, Release 1 - Updated September 13, 2012
Solaris 10 SPARC IAVM, Version 1, Release 1 - Updated September 13, 2012
Solaris 10 x86 IAVM, Version 1, Release 1 - Updated September 13, 2012
IAVM to CVE Mapping Spreadsheet - Updated September 7, 2012
Solaris 9 SPARC Manual STIG - Version 1, Release 1 - Updated August 23, 2012
Solaris 9 x86 Manual STIG - Version 1, Release 1 - Updated August 23, 2012
Solaris 9 SPARC STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012
Solaris 10 SPARC Manual STIG - Version 1, Release 1 - Updated August 23, 2012
Solaris 10 x86 Manual STIG - Version 1, Release 1 - Updated August 23, 2012
Solaris 10 SPARC STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012
Solaris 10 x86 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012
Red Hat 5 Manual STIG, Version 1, Release 1 - Updated August 23, 2012
Red Hat 5 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012
HP-UX 11.23 Manual STIG - Version 1, Release 1 - Updated August 23, 2012
HP-UX 11.23 STIGS Benchmark, Version 1, Release 1 - Updated August 23, 2012
HP-UX 11.31 Manual STIG - Version 1, Release 1 - Updated August 23, 2012
HP-UX 11.31 STIGS Benchmark, Version 1, Release 1 - Updated August 23, 2012
AIX 5.3 Manual STIG, Version 1, Release 1 - Updated August 23, 2012
AIX 5.3 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012
AIX 6.1 Manual STIG, Version 1, Release 1 - Updated August 23, 2012
AIX 6.1 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012
IAVM to CVE Mapping Spreadsheet - Updated August 17, 2012
SCC 3.0.2 RHEL i686 - Updated August 13, 2012
SCC 3.0.2 RHEL x86_64 - Updated August 13, 2012
SCC 3.0.2 Solaris i386 - Updated August 13, 2012
SCC 3.0.2 Solaris SPARC - Updated August 13, 2012
SCC 3.0.2 Windows - Updated August 13, 2012
SCC 3.0.2 DEBIAN i386 - Updated August 13, 2012
SCC 3.0.2 DEBIAN AMD64 - Updated August 13, 2012
Internet Explorer 9 STIG Version 1, Release 2 - Updated August 13, 2012
Internet Explorer 9 STIG Benchmark - Version 1, Release 3 - Updated August 13, 2012
Microsoft .NET Framework 4, Version 1, Release 1 - Updated August 10, 2012
IAVM to CVE Mapping Spreadsheet - Updated August 10, 2012
Gold Disk Related FAQS - Updated August 9, 2012
STIG Library Compilation Bulk Download (.zip format) - Updated August 8, 2012
Draft Java Runtime Environment (JRE) 6, Version 1, Release 0.1 - Updated August 8, 2012
Gold Disk (*PKI) - Updated July 27, 2012
IAVM 2012 Benchmarks - Updated July 24, 2012
Draft Intrusion Detection and Prevention System SRG, Version 1, Release 0.3 - Updated July 17, 2012
Windows 7 STIG Benchmark Version 1, Release 12 - Updated July 13, 2012
Database Security Requirements Guide (SRG) - Version 1, Release 1 - Updated July 13, 2012
The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices/systems. Since 1998, DISA Field Security Operations (FSO) has played a critical role in enhancing the security posture of DoD's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. DISA FSO is in the process of moving the STIGs towards the use of the NIST Security Content Automation Protocol (SCAP) in order to be able to “automate” compliance reporting of the STIGs.
A STIG Security Checklist, typically a companion of a STIG, is essentially a document that contains instructions or procedures to manually verify compliance with a STIG. STIGs have been under optimization efforts since 2008 to begin to combine the STIG and STIG Security Checklist into one document. Currently, however, you will still find STIGs with accompanying STIG Checklists.
A Benchmark is an “automated” STIG which may be used in conjunction with a Security Content Automation Protocol (SCAP) compliant tool to provide automated compliance reporting for the STIG.
Security Readiness Review (SRR) Scripts test products for STIG compliance. SRR Scripts are available for some operating systems and databases that have STIGs. The SRR Scripts are unlicensed tools developed by the FSO, and the use of these tools on products is completely at the user's own risk.
The DISA FSO Windows Gold Disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO; the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products; FSO will utilize the SCAP standards for compliance reporting for Windows 7.
Questions or comments? Please contact DISA Field Security Operations (FSO)
Helpdesk Email: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil