
Quarterly Release of STIGs, Scripts, Benchmarks, GPOs, and Compilation Library

STIG Update – Quarterly Release of STIGs, Scripts, Benchmarks, GPOs, and Compilation Library
DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs: http://iase.disa.mil/stigs/Pages/a-z.aspx
Database SRG – Ver 2, Rel 8
Network Device Management SRG – Ver 2, Rel 13
Voice Video Endpoint SRG – Ver 1, Rel 7
Voice Video Session Management SRG – Ver 1, Rel 5

Unclassified Application STIGs: http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Adobe Acrobat Reader DC Class Track STIG – Ver 1, Rel 2
Adobe Acrobat Reader DC Continuous Track STIG – Ver 1, Rel 3
Adobe ColdFusion 11 STIG – Ver 1, Rel 4
Esri ArcGIS Server 10.3 STIG – Ver 1, Rel 3
Application Security and Development STIG – Ver 4, Rel 5
EDB Postgres Advanced Server 9 on Red Hat Enterprise Linux STIG – Ver 1, Rel 4
Google Chrome Browser STIG – Ver 1, Rel 11
IBM DB2 V10-5 LUW STIG – Ver 1, Rel 2
IIS 7.0 STIG – Ver 1, Rel 16
Microsoft IIS 8.5 Server STIG – Ver 1, Rel 2
Microsoft IIS 8.5 Site STIG – Ver 1, Rel 2
McAfee Virus Scan 8.8 Local Client STIG – Ver 5, Rel 14
McAfee Virus Scan 8.8 Managed Client STIG – Ver 5, Rel 17
Mozilla Firefox STIG – Ver 4, Rel 20
Microsoft Internet Explorer 11 STIG – Ver 1, Rel 14
Microsoft SQL 2012 STIG – Ver 1, Rel 16
Microsoft SQL Server 2014 Database STIG – Ver 1, Rel 6
Microsoft SQL Server 2014 Instance STIG – Ver 1, Rel 7
Microsoft Windows Defender Antivirus STIG – Ver 1, Rel 3
Oracle 11.2 Database STIG – Ver 1, Rel 13
Oracle 12c Database STIG – Ver 1, Rel 9
Oracle JRE 8 Windows STIG – Ver 1, Rel 5
Oracle WebLogic Server 12c STIG – Ver 1, Rel 4
PostgreSQL 9.x STIG – Ver 1, Rel 2

Unclassified Network STIGs and Overviews: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
BIND 9.x STIG – Ver 1, Rel 3
ForeScout CounterACT ALG STIG – Ver 1, Rel 2
Infoblox 7.x Domain Name System (DNS) STIG – Ver 1, Rel 5
Juniper SRX Services Gateway (SG) Application Layer Gateway (ALG) STIG – Ver 1, Rel 2
Microsoft Windows 2012 Server DNS STIG – Ver 1, Rel 8
MultiFunction Device and Network Printers STIG – Ver 2, Rel 11
Network Other Devices STIG – Ver 8, Rel 21
Network Firewall STIG – Ver 8, Rel 25
Network Infrastructure Policy STIG – Ver 9, Rel 5
Network Infrastructure Router L3 Switch STIG – Ver 8, Rel 25
IPSEC VPN Gateway STIG – Ver 1, Rel 14
Network L2 Switch STIG – Ver 8, Rel 23
Network Perimeter Router L3 Switch STIG – Ver 8, Rel 28
Network WLAN STIG – Ver 6, Rel 13
Voice and Video over Internet Protocol (VVoIP) Policy STIG – Ver 3, Rel 12

Unclassified HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
McAfee Application Control STIG – Ver 1, Rel 3

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx
AIX 6.1 STIG – Ver 1, Rel 12
Apple OS X 10.11 Workstation STIG – Ver 1, Rel 6
Apple OS X 10.12 Workstation STIG – Ver 1, Rel 2
HP-UX 11.31 Manual STIG – Ver 1, Rel 16
Red Hat 6 STIG – Ver 1, Rel 18
Red Hat 7 STIG – Ver 1, Rel 4
Solaris 10 SPARC Manual STIG – Ver 1, Rel 21
Solaris 10 x86 Manual STIG – Ver 1, Rel 21
Microsoft Windows 10 STIG – Ver 1, Rel 12
Microsoft Windows 2008 DC STIG – Ver 6, Rel 39
Microsoft Windows 2008 MS STIG – Ver 6, Rel 39
Microsoft Windows 2008 R2 DC STIG – Ver 1, Rel 25
Microsoft Windows 2008 R2 MS STIG – Ver 1, Rel 25
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 2, Rel 11
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 2, Rel 11
Microsoft Windows 7 STIG – Ver 1, Rel 29
Microsoft Windows 8/8.1 STIG – Ver 1, Rel 20
Microsoft Windows Server 2016 STIG MS DC – Ver 1, Rel 3
zOS ACF2 STIG – Ver 6, Rel 35
zOS RACF STIG – Ver 6, Rel 35
zOS TSS STIG – Ver 6, Rel 35

FOUO HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
HBSS Agent Handler STIG – Ver 1, Rel 10
HBSS ePO 5.x STIG – Ver 1, Rel 14
HBSS HIP Firewall STIG – Ver 1, Rel 10
HBSS HIP 8 STIG – Ver 4, Rel 20
HBSS McAfee Agent STIG – Ver 4, Rel 16

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
Adobe Acrobat Reader Document Cloud (DC) Classic Track STIG Benchmark – Ver 1, Rel 2
Google Chrome for Windows STIG Benchmark – Ver 1, Rel 6
Microsoft Internet Explorer 11 STIG Benchmark – Ver 1, Rel 11
Microsoft Publisher 2016 STIG Benchmark – Ver 1, Rel 2 (SCC tool use only)
Microsoft Windows 10 STIG Benchmark – Ver 1, Rel 10
Microsoft Windows 2008 DC STIG Benchmark – Ver 6, Rel 41
Microsoft Windows 2008 MS STIG Benchmark – Ver 6, Rel 41
Microsoft Windows 2008 R2 DC STIG Benchmark – Ver 1, Rel 27
Microsoft Windows 2008 R2 MS STIG Benchmark – Ver 1, Rel 28
Microsoft Windows 2012 and 2012 R2 DC STIG Benchmark – Ver 2, Rel 11
Microsoft Windows 2012 and 2012 R2 MS STIG Benchmark – Ver 2, Rel 11
Microsoft Windows 7 STIG Benchmark – Ver 1, Rel 35
Microsoft Windows 8/8.1 STIG Benchmark – Ver 1, Rel 21
Microsoft Windows Server 2016 STIG Benchmark – Ver 1, Rel 4
Red Hat 6 STIG Benchmark – Ver 1, Rel 18
Red Hat 7 STIG Benchmark – Ver 1, Rel 2
Solaris 10 SPARC STIG Benchmark – Ver 1, Rel 20
Solaris 10 x86 STIG Benchmark – Ver 1, Rel 20

No Longer Supported: http://iase.disa.mil/stigs/sunset/Pages/index.aspx
Adobe Acrobat Pro XI STIG – Ver 1, Rel 2

————————————————————————————————————

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs) and DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format) that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, an FOUO version and a NON-FOUO version, entitled U_SRG-STIG_Library.zip and FOUO_SRG-STIG_Library.zip. The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such, a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version, which does not contain FOUO content. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ.

All related files are available on IASE at: http://iase.disa.mil/stigs/compilations/Pages/index.aspx.

————————————————————————————————————

Group Policy Objects (GPOs) have been updated for January 2018. See the Change Log document included in the zip file for additional information.
DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on the IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/Pages/index.aspx.

List of GPOs currently in the package:
Office Products:
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers:
Internet Explorer 11
Google Chrome

Antivirus:
Windows Defender AV

Operating Systems:
Windows 10
Windows 7
Windows 8/8.1
Windows Firewall
Windows Server 2008 R2 DC
Windows Server 2008 R2 MS
Windows Server 2012 R2 DC
Windows Server 2012 R2 MS
Windows Server 2016

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

DISA has released the IBM z/VM Using CA VM:Secure STIG Version 1

STIG Update – DISA has released the IBM z/VM Using CA VM:Secure STIG Version 1
DISA has released the IBM z/VM Using CA VM:Secure STIG Version 1. The requirements of the STIG become effective immediately. The STIG is available at https://iase.disa.mil/stigs/os/mainframe/Pages/zvm.aspx.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs)

STIG Update – Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – November 2017
Group Policy Objects (GPOs) have been updated for November 2017. See the Change Log document included in the zip file for additional information.

DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment. The GPOs can be found on the IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/Pages/index.aspx.

List of GPOs currently in the package:
Office Products:
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers:
Internet Explorer 11
Google Chrome

Antivirus:
Windows Defender AV

Operating Systems:
Windows 10
Windows 7
Windows 8/8.1
Windows Firewall
Windows Server 2008 R2 DC
Windows Server 2008 R2 MS
Windows Server 2012 R2 DC
Windows Server 2012 R2 MS
Windows Server 2016

Defense Information Systems Agency (DISA)

STIG Update – IAVM packages Updated

DISA has released the following IAVM packages:
http://iase.disa.mil/stigs/Pages/iavm.aspx (DoD PKI Certificate Required)

AIX 6.1 Ver 1, Rel 29
Apple OS 10.10 Workstation Ver 1, Rel 18
Apple OS 10.11 Workstation Ver 1, Rel 6
Apple OS 10.8 Workstation Ver 1, Rel 22
Apple OS 10.9 Workstation Ver 1, Rel 19
BlackBerry 10 OS Ver 1, Rel 20
Cisco IOS Ver 1, Rel 19
HP-UX 11.31 Ver 1, Rel 29
MAC OS X 10.6 Ver 1, Rel 29
Oracle Linux 5 Ver 1, Rel 22
Oracle Linux 6 Ver 1, Rel 22
RHEL 5 Ver 1, Rel 29
RHEL 6 Ver 1, Rel 27
Solaris 10 SPARC Ver 1, Rel 29
Solaris 10 x86 Ver 1, Rel 29
Solaris 11 SPARC Ver 1, Rel 22
Solaris 11 x86 Ver 1, Rel 22
Windows 7 Ver 1, Rel 27
Windows 8 and 8-1 Ver 1, Rel 27
Windows 2008 R2 Ver 1, Rel 27
Windows 2008 Ver 1, Rel 27
Windows 10 Ver 1, Rel 13
Windows 2012 and 2012 R2 Ver 1, Rel 25
Windows Vista Ver 1, Rel 27
zOS Ver 6, Rel 32

STIG Update – Quarterly release: SRG-STIG_Library.zip

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format), Checklists, and Security Readiness Review (SRR) Tools that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, an FOUO version and a NON-FOUO version, entitled U_SRG-STIG_Library.zip and FOUO_SRG-STIG_Library.zip. The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such, a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version, which does not contain FOUO content. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ.

All related files are available on IASE at: http://iase.disa.mil/stigs/compilations/Pages/index.aspx