ConvoCourses

Cyber Security Compliance and IT Jobs

srg

STIG Update – Quarterly release: SRG-STIG_Library.zip

by Leave a Comment

STIG Update – Quarterly release: SRG-STIG_Library.zip

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format), Checklists, Security Readiness Review (SRR) Tools that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, an FOUO version and a NON-FOUO version entitled U_SRG-STIG_Library.zip and FOUO _SRG-STIG_Library.zip.  The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version which does not contain FOUO. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ.

All related files are available on IASE at: https://iase.disa.mil/stigs/compilations/Pages/index.aspx.

Quarterly release: SRG-STIG_Library.zip

by Leave a Comment

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) ( provided in XCCDF or .pdf format), Checklists, Security Readiness Review (SRR) Tools that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, an FOUO version and a NON-FOUO version entitled  U_SRG-STIG_Library.zip and FOUO _SRG-STIG_Library.zip.  The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version which does not contain FOUO. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include include download / extraction instructions and a FAQ.

All related files are available on IASE at: http://iase.disa.mil/stigs/dod-purpose-tool/Pages/index.aspx.

DISA Draft Mainframe Product Security Requirement Guide

by Leave a Comment

DISA has developed the Draft Mainframe Product Security Requirement Guide (SRG) Version 1.

The Draft SRG is available at:

http://iase.disa.mil/stigs/srgs/Pages/index.aspx

Please provide comments, recommended changes, and/or additions to the draft SRG by 4 February 2016 on the Comment Matrix spreadsheet, and send comments via NIPRNet email to: disa.stig_spt@mail.mil.  Include the title and version of the SRG in the subject line of your email.

Security Guidance, Security Readiness Review Scripts and Benchmarks

by Leave a Comment

DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs:  http://iase.disa.mil/stigs/srgs/Pages/index.aspx

Application Server SRG Ver 2, Rel 2
Domain Name System (DNS) SRG Ver 2, Rel 4 Network Device Management SRG Ver 2, Rel 3 Router SRG – Ver 2, Rel 2 Web Server SRG Ver 2, Rel 2

Unclassified Application STIGs/SRGs:  http://iase.disa.mil/stigs/app-security/Pages/index.aspx

Access 2007 STIG – Ver 4, Rel 12
Apache 2.2 UNIX STIG Ver 1, Rel 8
Apache 2.2 Windows STIG Ver 1, Rel 8
Email Services Policy STIG Ver 2, Rel 6
Excel 2007 STIG Ver 4, Rel 12
Exchange 2010 Edge STIG Ver 1, Rel 10
Exchange 2010 Hub STIG Ver 1, Rel 10
Google Chrome Browser STIG for Windows Ver 1, Rel 3 IIS 7 STIG Ver 1, Rel 9 Infopath 2007 STIG Ver 4, Rel 12 Internet Explorer 10 STIG Ver 1, Rel 11 McAfee Virus Scan 8.8 Local Client STIG Ver 5, Rel 7 Mcafee Virus Scan 8.8 Managed Client STIG Ver 5, Rel 8 Microsoft Sharepoint 2010 STIG Ver 1, Rel 7 Mcrosoft Sharepoint 2013 STIG Ver 1, Rel 2 Mozilla Firefox STIG Ver 4, Rel 13 Office 2010 Overview Ver 1, Rel 12 Office System 2007 STIG Ver 4, Rel 14 Oracle 11.2g Database STIG Ver 1, Rel 5 Oracle Database 11g Database STIG Ver 8, Rel 15 Outlook 2007 STIG Ver 4, Rel 15 Outlook 2010 STIG Ver 1, Rel 11 Outlook 2013 STIG Ver 1, Rel 5 PowerPoint 2007 STIG Ver 4, Rel 14 SQL Server 2012 STIG Ver 1, Rel 8 Word 2007 STIG Ver 4, Rel 14

Unclassified Network STIGs:  http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx

Bind DNS STIG Ver 4, Rel 1.19
Defense Switched Network (DSN) STIG Ver 2, Rel 7 Enclave Test and Development STIG Ver 1, Rel 2
F5 BIG_IP Device Mangement 11.x STIG Ver 1, Rel 2 IPSEC VPN Gateway STIG Ver 1, Rel 10 MultiFunction Device and Network Printers STIG Ver 2, Rel 7 Network Firewall STIG Ver 8, Rel 19 Network Infrastructure Router L3 Switch STIG Ver 8, Rel 19 Network L2 Switch STIG Ver 8, Rel 19 Network Other Devices STIG Ver 8, Rel 19 Network Perimeter Router L3 Switch STIG Ver 8, Rel 21 Network WLAN STIG Ver 6, Rel 10 Remote Access Policy STIG Ver 2, Rel 10 Voice and Video over Internet Protocol (VVoIP) Policy STIG Ver 3, Rel 7 Voice and Video over Internet Protocol (VVoIP) STIG Ver 3, Rel 7 Windows Server 2012 DNS STIG Ver 1, Rel 2

Unclassified Mobility STIGs:  http://iase.disa.mil/stigs/mobility/Pages/index.aspx

BlackBerry Enterprise Service 10.2.x BlackBerry Device Service STIG Ver 1, Rel 4 BlackBerry OS 7 STIG Ver 2, Rel 9

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx

Apple OS X 10.10 Workstation STIG Ver 1, Rel 2 AIX 6.1 STIG Ver 1 Rel 5
ESXi5 Server Ver 1, Rel 8
HP UX 11.23 Manual STIG Ver 1, Rel 7
HP UX 11.31 Manual STIG Ver 1, Rel 8
Oracle Linux 5 Manual STIG Ver 1, Rel 4
Oracle Linux 6 Manual STIG Ver 1, Rel 4
Red Hat 5 Manual STIG Ver 1 Rel 12
Red Hat 6 STIG Ver 1 Rel 9
Solaris 10 SPARC Manual STIG Ver 1, Rel 12 Solaris 10 x86 Manual STIG Ver 1 Rel 12 Solaris 11 SPARC Manual STIG Ver 1, Rel 5 Solaris 11 x86 Manual STIG Ver 1, Rel 5 Windows 2008 DC STIG Ver 6, Rel 31 Windows 2008 MS STIG Ver 6, Rel 31 Windows 2008 R2 DC STIG VER 1, Rel 17 Windows 2008 R2 MS STIG Ver 1, Rel 17 Windows 2012 and 2012 DC STIG Ver 2, Rel 3 Windows 2012 and 2012 MS STIG Ver 2, Rel 3 Windows Vista STIG Ver 6, Rel 38 Windows 7 STIG Ver 1, Rel 21 Windows 8/8.1 STIG Ver 1, Rel 11 zOS ACF2 STIG Ver 6, Rel 25 zOS RACF STIG Ver 6, Rel 25 zOS TSS STIG Ver 6, Rel 25

FOUO HBSS: http://iase.disa.mil/stigs/hbss/Pages/index.aspx
NOTE: DoD PKI Certificate Required

HBSS Agent Handler STIG  Ver 1, Rel 6
HBSS Asset Baseline Monitor STIG Ver 4, Rel 8 HBSS ePO 4.5 Rollup STIG Ver 4, Rel 12 HBSS ePO 4.5 Site STIG Ver 4, Rel 14 HBSS ePO 4.6 STIG Ver 4, Rel 15 HBSS ePO 5.1 STIG Ver 1, Rel 6 HBSS HIP 8 Firewall STIG Ver 1, Rel 5 HBSS HIP 8 STIG Ver 4, Rel 13 HBSS Remote Console STIG Ver 4, Rel 11 McAfee MOVE STIG Overview – Ver 1, Rel 1 McAfee MOVE Agentless 3.0 SVA STIG Ver 1, Rel 2 McAfee MOVE Agentless 3.0 VSEL for SVA STIG Ver 1, Rel 2 McAfee MOVE Multi-Platform 2.6 Client STIG Ver 1, Rel 3 McAfee MOVE Multi-Platform 2.6 OSS STIG Ver 1, Rel 3

FOUO Network Perimeter:  http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
NOTE:  DoD PKI Certificate Required

DoD Secure Telecommunications and DRSN STIG Ver 1, Rel 6 REL LAN STIG Ver 1, Rel 8

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx

AIX 6.1 STIG Benchmark Ver 1, Rel 5
HP-UX 11.23 STIG Benchmark Ver 1 Rel 8
HP-UX 11.31 STIG Benchmark Ver 1 Rel 9
Internet Explorer 10 STIG Benchmark Ver 1, Rel 6 Microsoft .NET Framework 4 STIG Benchmark Ver 1, Rel 3 Outlook 2010 STIG Benchmark Ver 1, Rel 2 Red Hat 5 STIG Benchmark Ver 1, Rel 13 Red Hat 6 STIG Benchmark Ver 1, Rel 9 Solaris 10 SPARC STIG Benchmark Ver 1, Rel 12 Solaris 10 x86 STIG Benchmark Ver 1, Rel 12 Solaris 9 SPARC STIG Benchmark Ver 1, Rel 12 Windows 2008 DC STIG Benchmark Ver 6, Rel 33 Windows 2008 MS STIG Benchmark Ver 6, Rel 33 Windows 2008 R2 DC STIG Benchmark Ver 1, Rel 19 Windows 2008 R2 MS STIG Benchmark Ver 1, Rel 19 Windows 2012 and 2012 R2 DC STIG Benchmark Ver 2, Rel 3 Windows 2012 and 2012 R2 MS STIG Benchmark Ver 2, Rel 3 Windows 7 STIG Benchmark Ver 1, Rel 27 Windows 8/8.1 Benchmark Ver 1, Rel 12 Windows Vista Benchmark Ver 6, Rel 41

STIGs no longer supported:  http://iase.disa.mil/stigs/sunset/Pages/index.aspx

Apache 2.0 UNIX STIG Ver 1, Rel 5
Apache 2.0 Windows STIG Ver 1, Rel 5
Solaris 9 SPARC Manual STIG Ver 1, Rel 9 Solaris 9 x86 Manual STIG Ver 1, Rel 9 Symantec Endpoint Protection 12.1 Local Client STIG Ver 1, Rel 3 Symantec Endpoint Protection 12.1 Managed Client STIG Ver 1, Rel 4 Symantec Endpoint Protection 12.1 Overview Ver 1, Rel 1

DISA Cloud Computing Documents released for comment

by Leave a Comment

disa cloud computing
disa cloud computing

DISA has developed the following DRAFT documents related to Cloud Computing
Security and the use/integration of Cloud Computing in DoD which are available
for community review and feedback/comments:
. Draft Cloud Computing Security Requirements Guide (SRG), Version 1 Release 2
. Draft Cloud Access Point (CAP) Functional Requirements Document (FRD) V2.2
. Draft Concept of Operations (CONOPS) for Cloud Computer Network Defense
(CND) v1

The Draft documents and a Comment Matrix for each (in a .zip file) are
available at:
http://iase.disa.mil/cloud_security/Pages/index.aspx.

Please provide comments by [DATE TBD 3 WEEKS after posting] on the Comment
Matrix associated with each document via one unclassified email for each
comment matrix to:
disa.letterkenny.re.mbx.stig-info@mail.mil

Please Note: It is critical that each comment matrix is returned in a separate
email with the subject line stating “[Your organization] Comments for
[document title]” so we can distribute the comment matrices to the appropriate
team for each document and easily identify the source.

SRG/STIG Applicability Guide and Collection Tool Update

by 1 Comment

SRG/STIG Applicability Guide and Collection Tool Update

DISA has released an update to the Security Requirements Guide (SRG) and Security Technical Implementation Guide (STIG) Applicability Guide and Applicable SRG/STIG Collection Tool.

The purpose of the SRG/STIG Applicability Guide and Collection Tool is to assist the SRG/STIG user community in determining what SRGs and/or STIGs apply to a particular situation or Information System (IS) and to create a fully formatted document containing a “Collection” of SRGs and STIGs applicable to the situation being addressed.

The SRG/STIG Applicability Guide and Collection Tool is available for download from the Information Assurance Support Environment (IASE) web site at: http://iase.disa.mil/stigs/agct/Pages/index.aspx