
ConvoCourses

Cyber Security Compliance and IT Jobs


srg

STIG Update – Quarterly release: SRG-STIG_Library.zip

November 1, 2017 by Bruce Brown

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format), Checklists, and Security Readiness Review (SRR) Tools that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, a FOUO version and a NON-FOUO version, entitled FOUO_SRG-STIG_Library.zip and U_SRG-STIG_Library.zip respectively. The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such, a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version, which does not contain FOUO content. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ.

All related files are available on IASE at: https://iase.disa.mil/stigs/compilations/Pages/index.aspx.

Filed Under: STIGS Tagged With: disa, implimentation, srg, STIG, stig library

Quarterly release: SRG-STIG_Library.zip

February 2, 2016 by Bruce Brown

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format), Checklists, and Security Readiness Review (SRR) Tools that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, a FOUO version and a NON-FOUO version, entitled FOUO_SRG-STIG_Library.zip and U_SRG-STIG_Library.zip respectively. The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such, a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version, which does not contain FOUO content. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ.

All related files are available on IASE at: http://iase.disa.mil/stigs/dod-purpose-tool/Pages/index.aspx.

Filed Under: diarmf - implement, STIGS Tagged With: implemenation, srg, STIG

DISA Draft Mainframe Product Security Requirement Guide

January 19, 2016 by Bruce Brown

DISA has developed the Draft Mainframe Product Security Requirement Guide (SRG) Version 1.

The Draft SRG is available at:

http://iase.disa.mil/stigs/srgs/Pages/index.aspx

Please provide comments, recommended changes, and/or additions to the draft SRG by 4 February 2016 on the Comment Matrix spreadsheet, and send comments via NIPRNet email to: disa.stig_spt@mail.mil.  Include the title and version of the SRG in the subject line of your email.

Filed Under: diarmf - implement, STIGS Tagged With: disa, mainframe, security requirement guide, srg, STIG

Security Guidance, Security Readiness Review Scripts and Benchmarks

October 26, 2015 by Bruce Brown

DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs:  http://iase.disa.mil/stigs/srgs/Pages/index.aspx

Application Server SRG Ver 2, Rel 2
Domain Name System (DNS) SRG Ver 2, Rel 4
Network Device Management SRG Ver 2, Rel 3
Router SRG – Ver 2, Rel 2
Web Server SRG Ver 2, Rel 2

Unclassified Application STIGs/SRGs:  http://iase.disa.mil/stigs/app-security/Pages/index.aspx

Access 2007 STIG – Ver 4, Rel 12
Apache 2.2 UNIX STIG Ver 1, Rel 8
Apache 2.2 Windows STIG Ver 1, Rel 8
Email Services Policy STIG Ver 2, Rel 6
Excel 2007 STIG Ver 4, Rel 12
Exchange 2010 Edge STIG Ver 1, Rel 10
Exchange 2010 Hub STIG Ver 1, Rel 10
Google Chrome Browser STIG for Windows Ver 1, Rel 3
IIS 7 STIG Ver 1, Rel 9
Infopath 2007 STIG Ver 4, Rel 12
Internet Explorer 10 STIG Ver 1, Rel 11
McAfee Virus Scan 8.8 Local Client STIG Ver 5, Rel 7
McAfee Virus Scan 8.8 Managed Client STIG Ver 5, Rel 8
Microsoft Sharepoint 2010 STIG Ver 1, Rel 7
Microsoft Sharepoint 2013 STIG Ver 1, Rel 2
Mozilla Firefox STIG Ver 4, Rel 13
Office 2010 Overview Ver 1, Rel 12
Office System 2007 STIG Ver 4, Rel 14
Oracle 11.2g Database STIG Ver 1, Rel 5
Oracle Database 11g Database STIG Ver 8, Rel 15
Outlook 2007 STIG Ver 4, Rel 15
Outlook 2010 STIG Ver 1, Rel 11
Outlook 2013 STIG Ver 1, Rel 5
PowerPoint 2007 STIG Ver 4, Rel 14
SQL Server 2012 STIG Ver 1, Rel 8
Word 2007 STIG Ver 4, Rel 14

Unclassified Network STIGs:  http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx

Bind DNS STIG Ver 4, Rel 1.19
Defense Switched Network (DSN) STIG Ver 2, Rel 7
Enclave Test and Development STIG Ver 1, Rel 2
F5 BIG_IP Device Management 11.x STIG Ver 1, Rel 2
IPSEC VPN Gateway STIG Ver 1, Rel 10
MultiFunction Device and Network Printers STIG Ver 2, Rel 7
Network Firewall STIG Ver 8, Rel 19
Network Infrastructure Router L3 Switch STIG Ver 8, Rel 19
Network L2 Switch STIG Ver 8, Rel 19
Network Other Devices STIG Ver 8, Rel 19
Network Perimeter Router L3 Switch STIG Ver 8, Rel 21
Network WLAN STIG Ver 6, Rel 10
Remote Access Policy STIG Ver 2, Rel 10
Voice and Video over Internet Protocol (VVoIP) Policy STIG Ver 3, Rel 7
Voice and Video over Internet Protocol (VVoIP) STIG Ver 3, Rel 7
Windows Server 2012 DNS STIG Ver 1, Rel 2

Unclassified Mobility STIGs:  http://iase.disa.mil/stigs/mobility/Pages/index.aspx

BlackBerry Enterprise Service 10.2.x BlackBerry Device Service STIG Ver 1, Rel 4
BlackBerry OS 7 STIG Ver 2, Rel 9

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx

Apple OS X 10.10 Workstation STIG Ver 1, Rel 2
AIX 6.1 STIG Ver 1 Rel 5
ESXi5 Server Ver 1, Rel 8
HP UX 11.23 Manual STIG Ver 1, Rel 7
HP UX 11.31 Manual STIG Ver 1, Rel 8
Oracle Linux 5 Manual STIG Ver 1, Rel 4
Oracle Linux 6 Manual STIG Ver 1, Rel 4
Red Hat 5 Manual STIG Ver 1 Rel 12
Red Hat 6 STIG Ver 1 Rel 9
Solaris 10 SPARC Manual STIG Ver 1, Rel 12
Solaris 10 x86 Manual STIG Ver 1 Rel 12
Solaris 11 SPARC Manual STIG Ver 1, Rel 5
Solaris 11 x86 Manual STIG Ver 1, Rel 5
Windows 2008 DC STIG Ver 6, Rel 31
Windows 2008 MS STIG Ver 6, Rel 31
Windows 2008 R2 DC STIG Ver 1, Rel 17
Windows 2008 R2 MS STIG Ver 1, Rel 17
Windows 2012 and 2012 DC STIG Ver 2, Rel 3
Windows 2012 and 2012 MS STIG Ver 2, Rel 3
Windows Vista STIG Ver 6, Rel 38
Windows 7 STIG Ver 1, Rel 21
Windows 8/8.1 STIG Ver 1, Rel 11
zOS ACF2 STIG Ver 6, Rel 25
zOS RACF STIG Ver 6, Rel 25
zOS TSS STIG Ver 6, Rel 25

FOUO HBSS: http://iase.disa.mil/stigs/hbss/Pages/index.aspx
NOTE: DoD PKI Certificate Required

HBSS Agent Handler STIG  Ver 1, Rel 6
HBSS Asset Baseline Monitor STIG Ver 4, Rel 8
HBSS ePO 4.5 Rollup STIG Ver 4, Rel 12
HBSS ePO 4.5 Site STIG Ver 4, Rel 14
HBSS ePO 4.6 STIG Ver 4, Rel 15
HBSS ePO 5.1 STIG Ver 1, Rel 6
HBSS HIP 8 Firewall STIG Ver 1, Rel 5
HBSS HIP 8 STIG Ver 4, Rel 13
HBSS Remote Console STIG Ver 4, Rel 11
McAfee MOVE STIG Overview – Ver 1, Rel 1
McAfee MOVE Agentless 3.0 SVA STIG Ver 1, Rel 2
McAfee MOVE Agentless 3.0 VSEL for SVA STIG Ver 1, Rel 2
McAfee MOVE Multi-Platform 2.6 Client STIG Ver 1, Rel 3
McAfee MOVE Multi-Platform 2.6 OSS STIG Ver 1, Rel 3

FOUO Network Perimeter:  http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
NOTE:  DoD PKI Certificate Required

DoD Secure Telecommunications and DRSN STIG Ver 1, Rel 6
REL LAN STIG Ver 1, Rel 8

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx

AIX 6.1 STIG Benchmark Ver 1, Rel 5
HP-UX 11.23 STIG Benchmark Ver 1 Rel 8
HP-UX 11.31 STIG Benchmark Ver 1 Rel 9
Internet Explorer 10 STIG Benchmark Ver 1, Rel 6
Microsoft .NET Framework 4 STIG Benchmark Ver 1, Rel 3
Outlook 2010 STIG Benchmark Ver 1, Rel 2
Red Hat 5 STIG Benchmark Ver 1, Rel 13
Red Hat 6 STIG Benchmark Ver 1, Rel 9
Solaris 10 SPARC STIG Benchmark Ver 1, Rel 12
Solaris 10 x86 STIG Benchmark Ver 1, Rel 12
Solaris 9 SPARC STIG Benchmark Ver 1, Rel 12
Windows 2008 DC STIG Benchmark Ver 6, Rel 33
Windows 2008 MS STIG Benchmark Ver 6, Rel 33
Windows 2008 R2 DC STIG Benchmark Ver 1, Rel 19
Windows 2008 R2 MS STIG Benchmark Ver 1, Rel 19
Windows 2012 and 2012 R2 DC STIG Benchmark Ver 2, Rel 3
Windows 2012 and 2012 R2 MS STIG Benchmark Ver 2, Rel 3
Windows 7 STIG Benchmark Ver 1, Rel 27
Windows 8/8.1 Benchmark Ver 1, Rel 12
Windows Vista Benchmark Ver 6, Rel 41

STIGs no longer supported:  http://iase.disa.mil/stigs/sunset/Pages/index.aspx

Apache 2.0 UNIX STIG Ver 1, Rel 5
Apache 2.0 Windows STIG Ver 1, Rel 5
Solaris 9 SPARC Manual STIG Ver 1, Rel 9
Solaris 9 x86 Manual STIG Ver 1, Rel 9
Symantec Endpoint Protection 12.1 Local Client STIG Ver 1, Rel 3
Symantec Endpoint Protection 12.1 Managed Client STIG Ver 1, Rel 4
Symantec Endpoint Protection 12.1 Overview Ver 1, Rel 1

Filed Under: diarmf - implement, STIGS Tagged With: security guidance, srg, STIG

DISA Cloud Computing Documents released for comment

August 5, 2015 by Bruce Brown

DISA has developed the following DRAFT documents related to Cloud Computing Security and the use/integration of Cloud Computing in DoD which are available for community review and feedback/comments:

  • Draft Cloud Computing Security Requirements Guide (SRG), Version 1 Release 2
  • Draft Cloud Access Point (CAP) Functional Requirements Document (FRD) V2.2
  • Draft Concept of Operations (CONOPS) for Cloud Computer Network Defense (CND) v1

The Draft documents and a Comment Matrix for each (in a .zip file) are
available at:
http://iase.disa.mil/cloud_security/Pages/index.aspx.

Please provide comments by [DATE TBD 3 WEEKS after posting] on the Comment
Matrix associated with each document via one unclassified email for each
comment matrix to:
disa.letterkenny.re.mbx.stig-info@mail.mil

Please Note: It is critical that each comment matrix is returned in a separate
email with the subject line stating “[Your organization] Comments for
[document title]” so we can distribute the comment matrices to the appropriate
team for each document and easily identify the source.

Filed Under: diarmf - implement, STIGS Tagged With: diarmf - implement, disa, srg, STIG

SRG/STIG Applicability Guide and Collection Tool Update

April 9, 2015 by Bruce Brown

DISA has released an update to the Security Requirements Guide (SRG) and Security Technical Implementation Guide (STIG) Applicability Guide and Applicable SRG/STIG Collection Tool.

The purpose of the SRG/STIG Applicability Guide and Collection Tool is to assist the SRG/STIG user community in determining what SRGs and/or STIGs apply to a particular situation or Information System (IS) and to create a fully formatted document containing a “Collection” of SRGs and STIGs applicable to the situation being addressed.

The SRG/STIG Applicability Guide and Collection Tool is available for download from the Information Assurance Support Environment (IASE) web site at: http://iase.disa.mil/stigs/agct/Pages/index.aspx

Filed Under: Risk Management For DoD IT, STIGS Tagged With: collection, iase, srg, STIG, stigs, tool
