
ConvoCourses

Cyber Security Compliance and IT Jobs


DISA Security Guidance, Security Readiness Review Scripts and Benchmarks

June 15, 2015 by Bruce Brown

DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified Application STIGs/SRGs:  http://iase.disa.mil/stigs/app-security/Pages/index.aspx

Email Services Policy STIG Ver 2, Rel 5
Exchange 2010 Client Access STIG Ver 1, Rel 7
Exchange 2010 Edge STIG Ver 1, Rel 8
Exchange 2010 Hub STIG Ver 1, Rel 8
Exchange 2010 Mailbox STIG Ver 1, Rel 6
Internet Explorer 7 STIG Ver 1 Rel 18
Internet Explorer 8 STIG Ver 1 Rel 18
Internet Explorer 9 STIG Ver 1 Rel 13
Internet Explorer 10 STIG Ver 4 Rel 9
Internet Explorer 11 STIG Ver 1 Rel 5
McAfee Virus Scan 8.8 Local STIG Ver 5, Rel 5
McAfee Virus Scan 8.8 Managed Client STIG Ver 5, Rel 6
McAfee Virus Scan 8.8 Overview Ver 5, Rel 6
Mozilla Firefox STIG Ver 4, Rel 11
Oracle 11.2g Database STIG Ver 1, Rel 3
Oracle 11g Database STIG Ver 8, Rel 1.13
Outlook 2013 STIG Ver 1, Rel 3
PowerPoint 2007 STIG Ver 4, Rel 13
SQL Server 2012 STIG Ver 1 Rel 6
Sun Ray 4 STIG Ver 1, Rel 2

Unclassified Network STIGs:  http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx

Apple OS X 10.8 STIG Ver 1, Rel 2
BlackBerry 10.2x OS STIG Ver 1, Rel 5
BlackBerry Enterprise Service 10.2.x BlackBerry Device Service STIG Ver 1, Rel 4
MultiFunction Device and Network Printers STIG Ver 2, Rel 5
Network Perimeter Router L3 Switch Ver 8, Rel 19
Removable Storage and External Connections STIG Ver 1, Rel 3
Samsung Android (with Knox 2.x) STIG Ver 1, Rel 2
Video Tele-Conference Services Policy STIG Ver 1, Rel 6

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx

Apple OS X 10.8 STIG Ver 1, Rel 2
ESXi 5 Server STIG Ver 1, Rel 7
ESXi5 Virtual Machine STIG Ver 1, Rel 4
HP UX 11.23 Manual STIG Ver 1, Rel 5
HP UX 11.31 Manual STIG Ver 1, Rel 6
Oracle Linux 5 Manual STIG Ver 1, Rel 2
Oracle Linux 6 Manual STIG Ver 1, Rel 2
Red Hat 5 Manual STIG Ver 1 Rel 10
Red Hat 6 STIG Ver 1 Rel 7
Solaris 9 SPARC Manual STIG Ver 1 Rel 8
Solaris 9 x86 Manual STIG Ver 1 Rel 8
Solaris 10 x86 Manual STIG Ver 1 Rel 10
Solaris 10 SPARC Manual STIG Ver 1 Rel 10
Solaris 11 SPARC Manual STIG Ver 1, Rel 3
Solaris 11 x86 Manual STIG Ver 1, Rel 3
SUSE Linux Enterprise Server (SLES) v11 for System z STIG Ver 1 Rel 5
Windows Operating Systems Overview Ver 1, Rel 2
Windows 2003 DC STIG Ver 6, Rel 36
Windows 2003 MS STIG Ver 6, Rel 36
Windows 2008 DC STIG Ver 6, Rel 29
Windows 2008 MS STIG Ver 6, Rel 29
Windows 2008 R2 DC STIG Ver 1, Rel 15
Windows 2008 R2 MS STIG Ver 1, Rel 15
Windows Firewall and Advanced Security STIG Ver 1, Rel 2
Windows Vista STIG Ver 6, Rel 36
Windows 7 STIG Ver 1, Rel 19
Windows 8/8.1 STIG Ver 1, Rel 9
zOS ACF2 STIG Ver 6, Rel 23
zOS RACF STIG Ver 6, Rel 23
zOS TSS STIG Ver 6, Rel 23

For Your Situational Awareness:

The Severity Level for the EMET Install requirement (V-39137), which is in the Windows STIGs, was increased from a CAT II to a CAT I per USCYBERCOM Task Order.
EMET is a free tool from Microsoft that allows the configuration of several security mechanisms at the system level and for individual applications, providing additional levels of protection.

FOUO HBSS: http://iase.disa.mil/stigs/hbss/Pages/index.aspx
NOTE: DoD PKI Certificate Required

HBSS Overview Ver 4, Rel 16
HBSS Agent Handler STIG Ver 1, Rel 4
HBSS Asset Baseline Monitor STIG Ver 4, Rel 7
HBSS ePO 4.5 Rollup STIG Ver 4, Rel 10
HBSS ePO 4.5 Site STIG Ver 4, Rel 12
HBSS ePO 4.6 STIG Ver 4, Rel 13
HBSS ePO 5.1 STIG Ver 1, Rel 4
HBSS HIP 8 STIG Ver 4, Rel 11
HBSS HIP STIG Ver 4, Rel 8
HBSS McAfee Agent STIG Ver 4, Rel 9
HBSS Policy Auditor STIG Ver 4, Rel 7
HBSS Rogue Sensor STIG Ver 4, Rel 8

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx

HP-UX 11.23 STIG Benchmark Ver 1 Rel 6
HP-UX 11.31 STIG Benchmark Ver 1 Rel 7
Red Hat 5 STIG Benchmark Ver 1 Rel 11
Red Hat 6 STIG Benchmark Ver 1 Rel 7
Solaris 9 SPARC STIG Benchmark Ver 1 Rel 10
Solaris 10 SPARC STIG Benchmark Ver 1 Rel 10
Solaris 10 x86 STIG Benchmark Ver 1 Rel 10
Windows 2003 DC STIG Benchmark Ver 6 Rel 1.39
Windows 2003 MS STIG Benchmark Ver 6 Rel 1.39
Windows 2008 DC STIG Benchmark Ver 6 Rel 1.31
Windows 2008 MS STIG Benchmark Ver 6 Rel 1.31
Windows 2008 R2 DC STIG Benchmark Ver 1 Rel 17
Windows 2008 R2 MS STIG Benchmark Ver 1 Rel 17
Windows 7 STIG Benchmark Ver 1 Rel 25
Windows 8/8.1 STIG Benchmark Ver 1 Rel 10
Windows Firewall STIG Benchmark Ver 1 Rel 2
Windows Vista STIG Benchmark Ver 6 Rel 1.39

STIGs no longer supported:  http://iase.disa.mil/stigs/sunset/Pages/index.aspx

SQL Server 2005 Database STIG Ver 8, Rel 1.8

Filed Under: Risk Management For DoD IT, STIGS Tagged With: stigs
