What is a DISA STIG Checklist?

DISA STIGs are comprehensive technical guides that outline controls to counter security risks and known vulnerabilities. STIGs take the form of a checklist of configurations to help with implementation, but working through hundreds of controls can take up time and resources.

What is DISA STIG compliance?

According to DISA, STIGs “are the configuration standards for DOD [information assurance, or IA] and IA-enabled devices/systems… The STIGs contain technical guidance to ‘lock down’ information systems/software that might otherwise be vulnerable to a malicious computer attack.”

How do I make a STIG Checklist?


  1. Go to the Applications page and select an application.
  2. In the application’s Overview page, click the reporting icon and select Generate STIG Viewer Checklist.
  3. In the window that appears, import a STIG Viewer checklist (.ckl) file.
  4. Click Generate to download an updated STIG Viewer checklist (.ckl) file.
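
Once the updated .ckl file is downloaded, its results can be tallied outside STIG Viewer. The following is an added example, not code from the original page or from any product it describes; it assumes the STIG Viewer 2.x XML layout (`VULN`, `STIG_DATA`, `STATUS` elements) and runs on constructed sample data with placeholder IDs.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _vuln(num, severity, status):
    """Build one constructed <VULN> element in the assumed .ckl layout."""
    data = "".join(
        f"<STIG_DATA><VULN_ATTRIBUTE>{k}</VULN_ATTRIBUTE>"
        f"<ATTRIBUTE_DATA>{v}</ATTRIBUTE_DATA></STIG_DATA>"
        for k, v in (("Vuln_Num", num), ("Severity", severity)))
    return f"<VULN>{data}<STATUS>{status}</STATUS></VULN>"

# Constructed sample data; the V-numbers are placeholders, not real STIG IDs.
SAMPLE_CKL = ('<?xml version="1.0" encoding="UTF-8"?><CHECKLIST><STIGS><iSTIG>'
              + _vuln("V-000001", "high", "Open")
              + _vuln("V-000002", "medium", "NotAFinding")
              + _vuln("V-000003", "low", "Not_Reviewed")
              + _vuln("V-000004", "medium", "Not_Applicable")
              + "</iSTIG></STIGS></CHECKLIST>")

def parse_ckl(text):
    """Return one dict (id, severity, status) per VULN entry."""
    if "<!DOCTYPE" in text:
        # A checklist needs no DTD; refusing one avoids entity-expansion tricks.
        raise ValueError("unexpected DOCTYPE in checklist")
    findings = []
    for vuln in ET.fromstring(text).iter("VULN"):
        attrs = {d.findtext("VULN_ATTRIBUTE"): d.findtext("ATTRIBUTE_DATA", "")
                 for d in vuln.iter("STIG_DATA")}
        findings.append({
            "id": attrs.get("Vuln_Num", "?"),
            "severity": attrs.get("Severity", "unknown").lower(),
            "status": (vuln.findtext("STATUS") or "Not_Reviewed").strip(),
        })
    return findings

def summary(findings):
    """Count entries per (severity, status) pair."""
    return Counter((f["severity"], f["status"]) for f in findings)

def outstanding(findings):
    """Entries still needing work (Open or Not_Reviewed), worst severity first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    todo = [f for f in findings if f["status"] in ("Open", "Not_Reviewed")]
    return sorted(todo, key=lambda f: (rank.get(f["severity"], 3), f["id"]))

if __name__ == "__main__":
    for f in outstanding(parse_ckl(SAMPLE_CKL)):
        print(f["id"], f["severity"], f["status"])
```

Treating `Not_Reviewed` as outstanding keeps unchecked controls from being read as compliant.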

What are STIG controls?

A Security Technical Implementation Guide (STIG) is a configuration standard consisting of cybersecurity requirements for a specific product. The use of STIGs enables a methodology for securing protocols within networks, servers, computers, and logical designs to enhance overall security.

How do you use DISA STIGs?

How do I apply DISA STIGs to my systems? If you want to use STIGs to secure your Windows-based systems, use Group Policy. To do so, you will need to download the relevant admin or ADMX files and upload them to Group Policy. You can find the ADMX files for a wide range of apps and operating systems via Google.

What is SCC tool?

The SCAP Compliance Checker is an automated compliance scanning tool that leverages the DISA Security Technical Implementation Guides (STIGs) and operating system (OS) specific baselines to analyze and report on the security configuration of an information system.

What is CIS DISA?

The two most common system configuration baselines for cybersecurity are the Center for Internet Security’s CIS Benchmarks and the US Department of Defense’s Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). Both are widely deployed and trusted worldwide.

Is DISA part of DoD?

The Defense Information Systems Agency (DISA), known as the Defense Communications Agency (DCA) until 1991, is a United States Department of Defense (DoD) combat support agency composed of military, federal civilians, and contractors.

What is Evaluate-STIG?

Dan Ireland combined and expanded sample code provided by colleagues Nick Hurley and Rickey Beem to create the Evaluate-STIG (Security Technical Implementation Guide) tool, a Windows PowerShell tool that can automate much of the process of documenting system compliance.

