• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

STIGS

Implementation of security controls resources part 1

March 3, 2021 by cyberaware2 Leave a Comment

What do you use to implement security controls?
First of all, implementation of security controls means to put security on your server, workstations or other information systems. The best guidance is where ever you can get it from. Your organization may provide resources to you. This could be process and procedures. You can also use security implementation guides https://public.cyber.mil/stigs/
But probably the best and most comprehensive source of implementation guidance is from the vendor of the system or OS you are using. For Cisco router security implementation they have guidance on Cisco.com (for example). Cisco probably won’t call them “security controls” but if you know you need to update the IOS, you would search their site for how to update the IOS and what is the most current IOS for your internetwork device.

Filed Under: diarmf - implement, STIGS Tagged With: implementation, rmf implementation, stigs

convocourses podcast: RMF Course Updates New NIST 800-53

December 9, 2020 by cyberaware2 Leave a Comment

On this podcast we discuss the following:
0:00 blank intro
0:40 Start of convocourse podcast
1:43 Helping with Master Degree on Nist RMF
2:38 Complete Course of NIST RMF
5:45 RMF NIST Course as an Audio file
7:40 RMF NIST Security Control Interpretation
11:40 ISSO lean to Support the team
15:52 Cannot get an ISSO Job
17:34 Security Control Family Interpretation
21:57 NIST RMF 800 and Privacy added
29:15 illegal pricing
31:33 ISC2 CAP vs ISSO work

http://www.nist80037rmf.com/wp-content/uploads/2020/12/convocourses-podcast-RMF-Course-Updates-New-NIST-53a.mp3

Podcast: Play in new window | Download

Subscribe: Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS

Filed Under: podcast, Risk Management For DoD IT, STIGS

Cybersecurity Convocourses Control Correlation Identifier (CCI), CIS and STIGS (PODCAST)

September 6, 2020 by cyberaware2 Leave a Comment

This is a breakdown of how CCI Controls map to STIGS and CIS.

http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses_-Control-Correlation-Identifier-CCI-CIS-and-STIGS.mp3

Podcast: Play in new window | Download

Subscribe: Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS

Filed Under: convocourses, podcast, Risk Management For DoD IT, STIGS Tagged With: cci, convocourses, cybersecurity, podcast, stigs

STIG Update – STIG Viewer Version 2.9

May 9, 2019 by cyberaware2 Leave a Comment

STIG Update – STIG Viewer Version 2.9
DISA has released STIG Viewer Version 2.9. This latest version of STIG Viewer is available at https://iase.disa.mil/stigs/Pages/index.aspx.

Updates in Version 2.9 include the following additions:
– NIST SP 800-53 revision 4 control IDs to CSV exports of STIGs and Checklists
– Status to Checklist filters.
– Ability to create filtered Checklists from STIG filter results.
– Ability to filter on STIG names to the top of the STIGs list
– FQDN (fully-qualified domain name) to Checklist CSV export.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Filed Under: STIGS Tagged With: STIG, STIG Update, stig viewer

STIG Update – April 2019 Quarterly Release

May 7, 2019 by cyberaware2 Leave a Comment

STIG Update – April 2019 Quarterly Release
DISA has released the following updated Security Guidance, Security
Readiness Review Scripts and Benchmarks:

Unclassified Application STIGs : http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Adobe Acrobat Professional Document Cloud (DC) Classic STIG, Version 1, Release 2
Citrix XenDesktop 7.x Delivery Controller STIG, Version 1, Release 2
Citrix XenDesktop 7.x License Server STIG, Version 1, Release 2
Citrix XenDesktop 7.x Windows Virtual Delivery Agent (VDA) STIG, Version 1, Release 2
McAfee VirusScan 8.8 Managed Client STIG, Version 5, Release 20
McAfee VSEL 1.9/2.0 Local Client STIG, Version 1, Release 4
McAfee VSEL 1.9/2.0 Managed Client STIG, Version 1, Release 4
Microsoft DotNet Framework 4.0 STIG, Version 1, Release 7
Microsoft Exchange 2010 Edge Transport Server STIG, Version 1, Release 5
Microsoft Exchange 2013 Edge Transport Server STIG, Version 1, Release 5
Microsoft Exchange 2013 Mailbox Server STIG, Version 1, Release 4
Microsoft Exchange 2016 Edge Transport Server STIG, Version 1, Release 2
Microsoft IIS 7.0 STIG, Version 1, Release 18
Microsoft IIS 8.5 Server STIG, Version 1, Release 7
Microsoft IIS 8.5 Site STIG, Version 1, Release 7
Microsoft Internet Explorer 11 STIG, Version 1, Release 17
Microsoft Office System 2013 STIG, Version 1, Release 8
Microsoft SQL Server 2016 Database STIG, Version 1, Release 4
Microsoft SQL Server 2016 Instance STIG, Version 1, Release 5
Microsoft Windows Defender Antivirus STIG, Version 1, Release 5
Mozilla FireFox STIG, Version 4, Release 25
PostgreSQL 9.x STIG, Version 1, Release 5
Web Server SRG, Version 2, Release 3

Unclassified Network STIGs and SRGs: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
BIND 9.x STIG, Version 1, Release 6
IBM MaaS360 with Watson MDM v10.x STIG, Version 1, Release 2
Infoblox 7.x DNS STIG, Version 1, Release 7
Network Infrastructure Policy STIG, Version 9, Release 8
Network WLAN STIG, Version 6, Release 15
Router SRG, Version 3, Release 2
Voice Video Endpoint SRG, Version 1, Release 9
Voice Video over Internet Protocol STIG, Version 3, Release 14
Voice Video Services Policy STIG, Version 3, Release 16

Unclassified Operating System STIGs and Overviews: http://iase.disa.mil/stigs/os/Pages/index.aspx
Active Directory Domain STIG, Version 2, Release 13
Apple OS X 10.3 (Sierra) STIG, Version 1, Release 2
Canonical Ubuntu 16.04 LTS STIG, Version 1, Release 2
Microsoft Windows Server 2008 DC STIG, Version 6, Release 43
Microsoft Windows Server 2008 MS STIG, Version 6, Release 42
Microsoft Windows Server 2008 R2 DC STIG, Version 1, Release 30
Microsoft Windows Server 2008 R2 MS STIG, Version 1, Release 29
Microsoft Windows Server 2012/2012 R2 DC STIG, Version 2, Release 16
Microsoft Windows Server 2012/2012 R2 MS STIG, Version 2, Release 15
Microsoft Windows Server 2016 STIG, Version 1, Release 8
Oracle Linux 6 STIG, Version 1, Release 15
Red Hat Enterprise Linux 6 STIG, Version 1, Release 22
Red Hat Enterprise Linux 7 STIG, Version 2, Release 3
Solaris 11 SPARC STIG, Version 1, Release 17
Solaris 11 x86 STIG, Version 1, Release 17
SUSE Enterprise Linux 12 STIG, Version 1, Release 2
z/OS ACF2 STIG, Version 6, Release 40
z/OS RACF STIG, Version 6, Release 40
z/OS TSS STIG, Version 6, Release 40

FOUO HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
HBSS ePO 5.3/5.9 STIG Version 1, Release 17
HBSS HIP 8 Firewall STIG Version 1, Release 12
HBSS HIP 8 STIG Version 4, Release 22
HBSS Remote Console STIG Version 4, Release 17
McAfee ENS 10.x STIG Version 1, Release 3

FOUO Network STIGS: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
Joint Regional Security Stack STIG Version 1, Release 5

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
Microsoft Internet Explorer 11 STIG Benchmark, Version 1, Release 13
Microsoft Windows 2008 DC STIG Benchmark, Version 6, Release 43
Microsoft Windows 2008 MS STIG Benchmark, Version 6, Release 43
Microsoft Windows 2008 R2 DC STIG Benchmark, Version 1, Release 31
Microsoft Windows 2008 R2 MS STIG Benchmark, Version 1, Release 32
Microsoft Windows 2012 and 2012 R2 DC STIG Benchmark, Version 2, Release 16
Microsoft Windows 2012 and 2012 R2 MS STIG Benchmark, Version 2, Release 15
Microsoft Windows Defender Antivirus STIG Benchmark, Version 1, Release 2
Microsoft Windows Server 2016 STIG Benchmark, Version 1, Release 9
Red Hat Enterprise Linux 6 STIG Benchmark, Version 1, Release 23
Red Hat Enterprise Linux 7 STIG Benchmark, Version 2, Release 3
Solaris 11/SPARC STIG Benchmark, Version 1, Release 11
Solaris 11/X86 STIG Benchmark, Version 1, Release 11

Filed Under: DIARMF, diarmf - implement, STIGS Tagged With: april 2019, citrix, disa, exchange, iase, mcafee, microsoft, STIG

STIG Update – Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – April 2019

May 2, 2019 by cyberaware2 Leave a Comment

STIG Update – Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – April 2019
Group Policy Objects (GPOs) have been updated for April 2019. See the Change Log document included in the zip file for additional information.

DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.

The GPOs can be found on IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/gpo/Pages/index.aspx

List of GPOs currently in the package:
Office Products:
Adobe Acrobat Pro DC Classic
Office system 2013
Browsers:
Internet Explorer 11
Operating Systems:
Windows Server 2008 R2 MS
Windows Server 2008 R2 DC
Windows Server 2012 R2 MS
Windows Server 2012 R2 DC
Windows Server 2016 MS
Windows Server 2016 DC

AntiVirus:
Windows Defender AntiVirus

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Filed Under: cyberspace workforce, diarmf - implement, STIGS Tagged With: Adobe Acrobat Pro DC Classic, AntiVirus, GPO, Group Policy Objects, Security Technical Implementation Guides, STIG

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 23
  • Go to Next Page »

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Convocourses Podcast: Plan of Action and Milestone
  • Start with These IT Certifications (Part 1)
  • How to Tailor Security Controls in NIST 800
  • #cybersecurityjobs are recession proof
  • What IT Certifications for Information Security (part 2) (8140)

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce IA implement implementation info assurance information assurance information security ISSO IT it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in