
STIGS


Joint Information Environment (JIE) Network Device Security Technical Implementation Guides (STIGs) Version 1


DoD Instruction 8500.01 tasks that DISA “develops and maintains control correlation identifiers (CCIs), security requirements guides (SRGs), security technical implementation guides (STIGs), and mobile code risk categories and usage guides that implement and are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, with the support of the NSA/CSS, using input from stakeholders” and that DoD Component heads “ensure that all DoD IT under their purview complies with applicable STIGs, security configuration guides, and SRGs.”

In accordance with DoD Instruction 8500.01, the JIE Network Device STIGs are released for immediate use. These STIGs are available on http://iase.disa.mil.


Windows Server 2012 Domain Name System (DNS) Security Technical Implementation Guide (STIG) Version 1


DISA has released the Windows Server 2012 DNS STIG Version 1. The
requirements of the STIG become effective immediately. The STIG is available
on IASE at:
http://iase.disa.mil/stigs/net_perimeter/network-other/Pages/network-other.aspx.

VMS Users: The Windows 2012 Server DNS STIG requirements will need to be
manually applied to an asset in VMS by adding the “Windows 2012 DNS” element
(found under Computing>Application>DNS Applications) to the asset’s posture.

The “Windows DNS” element from the previous version DNS STIG will still
remain applied to the asset’s posture, along with the requirements related
to the previous version. That previous version element should be manually
removed from an asset’s posture once the assessment results from the
previous version are no longer needed.


SRG/STIG Applicability Guide and Collection Tool Update


DISA has released an update to the Security Requirements Guide (SRG) and Security Technical Implementation Guide (STIG) Applicability Guide and Applicable SRG/STIG Collection Tool.

The purpose of the SRG/STIG Applicability Guide and Collection Tool is to assist the SRG/STIG user community in determining what SRGs and/or STIGs apply to a particular situation or Information System (IS) and to create a fully formatted document containing a “Collection” of SRGs and STIGs applicable to the situation being addressed.

The SRG/STIG Applicability Guide and Collection Tool is available for download from the Information Assurance Support Environment (IASE) web site at: http://iase.disa.mil/stigs/agct/Pages/index.aspx


Draft DoD Internet-NIPRNet DMZ STIG Version 3


DISA has developed the Draft DoD Internet-NIPRNet DMZ STIG Version 3.

The draft STIG and spreadsheet are available at:
http://iase.disa.mil/stigs/net_perimeter/enclave-dmzs/Pages/dmz-imp.aspx

Please provide comments, recommended changes, and/or additions to the draft STIG by 20 March 2015 on the Comment Matrix spreadsheet.

Comments should be sent via NIPRNet email to: disa.stig_spt@mail.mil.
Include the title and version of the STIG in the subject line of your email.

Apple OS X 10.9 (Mavericks) Workstation STIG, V1R1


DISA has released the Apple OS X 10.9 (Mavericks) Workstation STIG Version
1. The requirements of the STIG become effective immediately.

The STIG is available on IASE at
http://iase.disa.mil/stigs/os/mac/Pages/mac-os.aspx.

DoD Instruction 8500.01 tasks that DISA “develops and maintains control correlation identifiers (CCIs), security requirements guides (SRGs), security technical implementation guides (STIGs), and mobile code risk categories and usage guides that implement and are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, with the support of the NSA/CSS, using input from stakeholders” and that DoD Component heads “ensure that all DoD IT under their purview complies with applicable STIGs, security configuration guides, and SRGs.” DISA considered all the applicable technical NIST SP 800-53 requirements while developing this STIG. Requirements which are applicable and configurable are included in the final STIG. DoD information systems require password complexity and account management for authentication and confidentiality.

Apple OS X 10.9 natively does not provide these capabilities. In order for systems to meet these requirements, they must be connected to an Active Directory infrastructure or similar LDAP solution. A report marked For Official Use Only (FOUO) is available for further items that did not meet requirements. The compliance report is available to component Authorizing Official (AO) personnel for use in their certification and risk assessment. AO requests for the compliance report may be sent via email to disa.stig_spt@mail.mil. In accordance with DoD Instruction 8500.01, the Apple OS X 10.9 (Mavericks) Workstation STIG Version 1 is released for immediate use. The document is available on http://iase.disa.mil.


Oracle Linux 5 STIG V1R1


DISA Field Security Operations (FSO) has released the Oracle Linux 5 STIG Version 1. The requirements of the STIG become effective immediately.

Oracle Linux 5 Overview:


DoD Instruction (DoDI) 8500.01 requires that “all IT that receives, processes, stores, displays, or transmits DoD information will be […] configured […] consistent with applicable DoD cybersecurity policies, standards, and architectures” and tasks that the Defense Information Systems Agency (DISA) “develops and maintains control correlation identifiers (CCIs), security requirements guides (SRGs), security technical implementation guides (STIGs), and mobile code risk categories and usage guides that implement and are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, with the support of the NSA/CSS, using input from stakeholders, and using automation whenever possible.” This document is provided under the authority of DoDI 8500.01. – Oracle Linux V V1R1

Although the use of the principles and guidelines in these SRGs/STIGs provides an environment that contributes to the security requirements of DoD systems, applicable NIST SP 800-53 cybersecurity controls need to be applied to all systems and architectures based on the Committee on National Security Systems (CNSS) Instruction (CNSSI) 1253.

The STIG is available on IASE at http://iase.disa.mil/stigs/os/unix/oracle_linux.html.
