STIGs Home

Javascript is not enabled!
Please be aware that without javascript enabled this site will not look or function as intended.
If you have any questions, please contact IA-web@disa.mil

UNCLASSIFIED

STIGs

IASE Home > STIGs Home

Updates!

IAVM to CVE Mapping Spreadsheet - Updated October 19, 2012

Draft Mobile Policy SRG, Version 1, Release 0.2 - October 19, 2012

STIG Viewer Beta - Version 1.1.2 - October 19, 2012

IAVM 2012 - Benchmark (HBSS Only) (*PKI) - Updated October 15, 2012

Draft Traditional Security STIG - Updated October 15, 2012

Draft Application Server SRG, Version 1, Release 0.2 - Updated October 11, 2012

Mobile OS SRG, Version 1, Release 1 - Updated October 10, 2012

Google Chrome STIG - Version 1, Release 0.5 Draft - Updated September 28, 2012

Draft Mobile Applications SRG, Version 1 - Updated September 27, 2012

Draft Mobile Applications SRG, Version 1 TIM Memo - Updated September 27, 2012

Draft Mobile Applications SRG, Version 1 Comment Matrix - Updated September 27, 2012

IAVM 2012 - Benchmark (HBSS Only) (*PKI) - Updated September 21, 2012

IAVM to CVE Mapping Spreadsheet - Updated September 21, 2012

2012 STIG TIM and DSAWG Schedule - Updated September 21, 2012

UNIX Manual SRG, Version 1, Release 2 - Updated September 19, 2012

UNIX Policy Manual SRG, Version 1, Release 2 - Updated September 19, 2012

IAVM to CVE Mapping Spreadsheet - Updated September 14, 2012

AIX 5.3 IAVM, Version 1, Release 1 - Updated September 13, 2012

AIX 6.1 IAVM, Version 1, Release 1 - Updated September 13, 2012

HP-UX 11.23 IAVM, Version 1, Release 1 - Updated September 13, 2012

HP-UX 11.31 IAVM, Version 1, Release 1 - Updated September 13, 2012

RHEL 5 IAVM, Version 1, Release 1 - Updated September 13, 2012

Solaris 9 SPARC IAVM, Version 1, Release 1 - Updated September 13, 2012

Solaris 9 x86 IAVM, Version 1, Release 1 - Updated September 13, 2012

Solaris 10 SPARC IAVM, Version 1, Release 1 - Updated September 13, 2012

Solaris 10 x86 IAVM, Version 1, Release 1 - Updated September 13, 2012

IAVM to CVE Mapping Spreadsheet - Updated September 7, 2012

Solaris 9 SPARC Manual STIG - Version 1, Release 1 - Updated August 23, 2012

Solaris 9 x86 Manual STIG - Version 1, Release 1 - Updated August 23, 2012

Solaris 9 SPARC STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012

Solaris 10 SPARC Manual STIG - Version 1, Release 1 - Updated August 23, 2012

Solaris 10 x86 Manual STIG - Version 1, Release 1 - Updated August 23, 2012

Solaris 10 SPARC STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012

Solaris 10 x86 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012

Red Hat 5 Manual STIG, Version 1, Release 1 - Updated August 23, 2012

Red Hat 5 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012

HP-UX 11.23 Manual STIG - Version 1, Release 1 - Updated August 23, 2012

HP-UX 11.23 STIGS Benchmark, Version 1, Release 1 - Updated August 23, 2012

HP-UX 11.31 Manual STIG - Version 1, Release 1 - Updated August 23, 2012

HP-UX 11.31 STIGS Benchmark, Version 1, Release 1 - Updated August 23, 2012

AIX 5.3 Manual STIG, Version 1, Release 1 - Updated August 23, 2012

AIX 5.3 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012

AIX 6.1 Manual STIG, Version 1, Release 1 - Updated August 23, 2012

AIX 6.1 STIG Benchmark, Version 1, Release 1 - Updated August 23, 2012

IAVM to CVE Mapping Spreadsheet - Updated August 17, 2012

SCC 3.0.2 RHEL i686 - Updated August 13, 2012

SCC 3.0.2 RHEL x86 64 - Updated August 13, 2012

SCC 3.0.2 Solaris i386 - Updated August 13, 2012

SCC 3.0.2 Solaris SPARC - Updated August 13, 2012

SCC 3.0.2 Windows - Updated August 13, 2012

SCC 3.0.2 SCC DEBIAN i386 - Updated August 13, 2012

SCC 3.0.2 DEBIAN AMD64 - Updated August 13, 2012

Internet Explorer 9 STIG Version 1, Release 2 - Updated August 13, 2012

Internet Explorer 9 STIG Benchmark - Version 1, Release 3 - Updated August 13, 2012

Microsoft .NET Framework 4, Version 1, Release 1 - Updated August 10, 2012

IAVM to CVE Mapping Spreadsheet - Updated August 10, 2012

Gold Disk Related FAQS - Updated August 9, 2012

STIG Library Compilation Bulk Download (.zip format) - Updated August 8, 2012

Draft Java Runtime Environment (JRE) 6, Version 1, Release 0.1 - Updated August 8, 2012

Draft Java Runtime Environment (JRE) 6, Version 1, Release 0.1 - Updated August 8, 2012

Gold Disk (*PKI) - Updated July 27, 2012

IAVM 2012 Benchmarks - Updated July 24, 2012

Draft Intrusion Detection and Prevention System SRG, Version 1, Release 0.3 - Updated July 17, 2012

Windows 7 STIG Benchmark Version 1, Release 12 - Updated July 13, 2012

Database Security Requirements Guide (SRG) - Version 1, Release 1 - Updated July 13, 2012

The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA Field Security Operations (FSO) has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. DISA FSO is in the process of moving the STIGs towards the use of the NIST Security Content Automation Protocol (S-CAP) in order to be able to “automate” compliance reporting of the STIGs.

A STIG Security Checklist, typically a companion of a STIG, is essentially a document that contains instructions or procedures to manually verify compliance to a STIG. STIGs have been under optimization efforts since 2008 to begin to combine the STIG and STIG Security Checklist into one document. Currently, however, you will still find instances where there are still STIGs with accompanying STIG Checklists.

A Benchmark is an “automated” STIG which may be used in conjunction with an Security Content Automation Protocol (SCAP) compliant tool to provide automated compliance reporting for the STIG.

Security Readiness Review (SRRs) Scripts test products for STIG compliance. SRR Scripts are available for some operating systems and databases that have STIGs. The SRR scripts are unlicensed tools developed by the FSO and the use of these tools on products is completely at the user's own risk.

The DISA FSO Windows Gold disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO, the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products, FSO will utilize the SCAP standards for compliance reporting for Windows 7.

Questions or comments? Please contact DISA Field Security Operations (FSO)
Helpdesk Email: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil

An Adobe Acrobat Reader is required to view PDF files.

Web page last revised: 10/19/2012

UNCLASSIFIED