
ConvoCourses

Cyber Security Compliance and IT Jobs


stigs

STIGS for Security Control Assessments

November 1, 2021 by Bruce Brown

Many more videos on https://www.youtube.com/convocourses
Short videos at https://www.tiktok.com/@convocourses?lang=en and https://www.instagram.com/convocourseqs/
https://www.facebook.com/ConvoCourses-108091850619388
Podcast version of the content: https://podcasts.apple.com/us/podcast/convocourses/id1500188278
http://www.nist80037rmf.com/google_podcast

Filed Under: Risk Management For DoD IT Tagged With: assessments, Security control, stigs, STIGS for Security Control Assessments

Implementation of security controls resources part 1

March 3, 2021 by cyberaware2

What do you use to implement security controls?
First of all, implementation of security controls means putting security on your servers, workstations or other information systems. The best guidance is wherever you can get it. Your organization may provide resources to you. These could be processes and procedures. You can also use security implementation guides: https://public.cyber.mil/stigs/
But probably the best and most comprehensive source of implementation guidance is the vendor of the system or OS you are using. For example, for Cisco router security implementation, Cisco has guidance on Cisco.com. Cisco probably won’t call them “security controls”, but if you know you need to update the IOS, you would search their site for how to update the IOS and what the most current IOS is for your internetwork device.

Filed Under: diarmf - implement, STIGS Tagged With: implementation, rmf implementation, stigs

Cybersecurity Convocourses Control Correlation Identifier (CCI), CIS and STIGS (PODCAST)

September 6, 2020 by cyberaware2

This is a breakdown of how CCI Controls map to STIGS and CIS.


http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses_-Control-Correlation-Identifier-CCI-CIS-and-STIGS.mp3


Filed Under: convocourses, podcast, Risk Management For DoD IT, STIGS Tagged With: cci, convocourses, cybersecurity, podcast, stigs

STIG Update – HBSS ePO 5.x STIG Version 1, Release 15

August 3, 2018 by cyberaware2

STIG Update – HBSS ePO 5.x STIG Version 1, Release 15
DISA has released the HBSS ePO 5.x STIG Version 1, Release 15. The requirements of the STIG become effective immediately. https://iase.disa.mil/stigs/hbss/Pages/index.aspx

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Filed Under: STIGS Tagged With: epo, HBSS, stigs

Quarterly Release of STIGs, Scripts, Benchmarks, GPOs, and Compilation Library

February 16, 2018 by cyberaware2

STIG Update – Quarterly Release of STIGs, Scripts, Benchmarks, GPOs, and Compilation Library
DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs: http://iase.disa.mil/stigs/Pages/a-z.aspx
Database SRG – Ver 2, Rel 8
Network Device Management SRG – Ver 2, Rel 13
Voice Video Endpoint SRG – Ver 1, Rel 7
Voice Video Session Management SRG – Ver 1, Rel 5

Unclassified Application STIGs: http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Adobe Acrobat Reader DC Classic Track STIG – Ver 1, Rel 2
Adobe Acrobat Reader DC Continuous Track STIG – Ver 1, Rel 3
Adobe ColdFusion 11 STIG – Ver 1, Rel 4
Esri ArcGIS Server 10.3 STIG – Ver 1, Rel 3
Application Security and Development STIG – Ver 4, Rel 5
EDB Postgres Advanced Server 9 on Red Hat Enterprise Linux STIG – Ver 1, Rel 4
Google Chrome Browser STIG – Ver 1, Rel 11
IBM DB2 V10-5 LUW STIG – Ver 1, Rel 2
IIS 7.0 STIG – Ver 1, Rel 16
Microsoft IIS 8.5 Server STIG – Ver 1, Rel 2
Microsoft IIS 8.5 Site STIG – Ver 1, Rel 2
McAfee Virus Scan 8.8 Local Client STIG – Ver 5, Rel 14
McAfee Virus Scan 8.8 Managed Client STIG – Ver 5, Rel 17
Mozilla Firefox STIG – Ver 4, Rel 20
Microsoft Internet Explorer 11 STIG – Ver 1, Rel 14
Microsoft SQL 2012 STIG – Ver 1, Rel 16
Microsoft SQL Server 2014 Database STIG – Ver 1, Rel 6
Microsoft SQL Server 2014 Instance STIG – Ver 1, Rel 7
Microsoft Windows Defender Antivirus STIG – Ver 1, Rel 3
Oracle 11.2 Database STIG – Ver 1, Rel 13
Oracle 12c Database STIG – Ver 1, Rel 9
Oracle JRE 8 Windows STIG – Ver 1, Rel 5
Oracle WebLogic Server 12c STIG – Ver 1, Rel 4
PostgreSQL 9.x STIG – Ver 1, Rel 2

Unclassified Network STIGs and Overviews: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
BIND 9.x STIG – Ver 1, Rel 3
ForeScout CounterACT ALG STIG – Ver 1, Rel 2
Infoblox 7.x Domain Name System (DNS) STIG – Ver 1, Rel 5
Juniper SRX Services Gateway (SG) Application Layer Gateway (ALG) STIG – Ver 1, Rel 2
Microsoft Windows 2012 Server DNS STIG – Ver 1, Rel 8
MultiFunction Device and Network Printers STIG – Ver 2, Rel 11
Network Other Devices STIG – Ver 8, Rel 21
Network Firewall STIG – Ver 8, Rel 25
Network Infrastructure Policy STIG – Ver 9, Rel 5
Network Infrastructure Router L3 Switch STIG – Ver 8, Rel 25
IPSEC VPN Gateway STIG – Ver 1, Rel 14
Network L2 Switch STIG – Ver 8, Rel 23
Network Perimeter Router L3 Switch STIG – Ver 8, Rel 28
Network WLAN STIG – Ver 6, Rel 13
Voice and Video over Internet Protocol (VVoIP) Policy STIG – Ver 3, Rel 12

Unclassified HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
McAfee Application Control STIG – Ver 1, Rel 3

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx
AIX 6.1 STIG – Ver 1, Rel 12
Apple OS X 10.11 Workstation STIG – Ver 1, Rel 6
Apple OS X 10.12 Workstation STIG – Ver 1, Rel 2
HP-UX 11.31 Manual STIG – Ver 1, Rel 16
Red Hat 6 STIG – Ver 1, Rel 18
Red Hat 7 STIG – Ver 1, Rel 4
Solaris 10 SPARC Manual STIG – Ver 1, Rel 21
Solaris 10 x86 Manual STIG – Ver 1, Rel 21
Microsoft Windows 10 STIG – Ver 1, Rel 12
Microsoft Windows 2008 DC STIG – Ver 6, Rel 39
Microsoft Windows 2008 MS STIG – Ver 6, Rel 39
Microsoft Windows 2008 R2 DC STIG – Ver 1, Rel 25
Microsoft Windows 2008 R2 MS STIG – Ver 1, Rel 25
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 2, Rel 11
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 2, Rel 11
Microsoft Windows 7 STIG – Ver 1, Rel 29
Microsoft Windows 8/8.1 STIG – Ver 1, Rel 20
Microsoft Windows Server 2016 STIG MS DC – Ver 1, Rel 3
zOS ACF2 STIG – Ver 6, Rel 35
zOS RACF STIG – Ver 6, Rel 35
zOS TSS STIG – Ver 6, Rel 35

FOUO HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
HBSS Agent Handler STIG – Ver 1, Rel 10
HBSS ePO 5.x STIG – Ver 1, Rel 14
HBSS HIP Firewall STIG – Ver 1, Rel 10
HBSS HIP 8 STIG – Ver 4, Rel 20
HBSS McAfee Agent STIG – Ver 4, Rel 16

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
Adobe Acrobat Reader Document Cloud (DC) Classic Track STIG Benchmark – Ver 1, Rel 2
Google Chrome for Windows STIG Benchmark – Ver 1, Rel 6
Microsoft Internet Explorer 11 STIG Benchmark – Ver 1, Rel 11
Microsoft Publisher 2016 STIG Benchmark – Ver 1, Rel 2 (SCC tool use only)
Microsoft Windows 10 STIG Benchmark – Ver 1, Rel 10
Microsoft Windows 2008 DC STIG Benchmark – Ver 6, Rel 41
Microsoft Windows 2008 MS STIG Benchmark – Ver 6, Rel 41
Microsoft Windows 2008 R2 DC STIG Benchmark – Ver 1, Rel 27
Microsoft Windows 2008 R2 MS STIG Benchmark – Ver 1, Rel 28
Microsoft Windows 2012 and 2012 R2 DC STIG Benchmark – Ver 2, Rel 11
Microsoft Windows 2012 and 2012 R2 MS STIG Benchmark – Ver 2, Rel 11
Microsoft Windows 7 STIG Benchmark – Ver 1, Rel 35
Microsoft Windows 8/8.1 STIG Benchmark – Ver 1, Rel 21
Microsoft Windows Server 2016 STIG Benchmark – Ver 1, Rel 4
Red Hat 6 STIG Benchmark – Ver 1, Rel 18
Red Hat 7 STIG Benchmark – Ver 1, Rel 2
Solaris 10 SPARC STIG Benchmark – Ver 1, Rel 20
Solaris 10 x86 STIG Benchmark – Ver 1, Rel 20

No Longer Supported: http://iase.disa.mil/stigs/sunset/Pages/index.aspx
Adobe Acrobat Pro XI STIG – Ver 1, Rel 2

————————————————————————————————————

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations.

The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs) and DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format) that are available through the IASE web site’s STIG pages.

Two versions of the compilation are produced, an FOUO version and a NON-FOUO version, entitled U_SRG-STIG_Library.zip and FOUO_SRG-STIG_Library.zip. The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such, a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version, which does not contain FOUO content. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines.

Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ.

All related files are available on IASE at: http://iase.disa.mil/stigs/compilations/Pages/index.aspx.

————————————————————————————————————

Group Policy Objects (GPOs) have been updated for January 2018. See the Change Log document included in the zip file for additional information.
DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on the IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/Pages/index.aspx.

List of GPOs currently in the package:
Office Products:
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers:
Internet Explorer 11
Google Chrome

Antivirus:
Windows Defender AV

Operating Systems:
Windows 10
Windows 7
Windows 8/8.1
Windows Firewall
Windows Server 2008 R2 DC
Windows Server 2008 R2 MS
Windows Server 2012 R2 DC
Windows Server 2012 R2 MS
Windows Server 2016

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Filed Under: STIGS Tagged With: DISA STIG, STIG, stigs

DISA has released the IBM z/VM Using CA VM:Secure STIG Version 1

January 18, 2018 by cyberaware2

STIG Update – DISA has released the IBM z/VM Using CA VM:Secure STIG Version 1
DISA has released the IBM z/VM Using CA VM:Secure STIG Version 1. The requirements of the STIG become effective immediately. The STIG is available at https://iase.disa.mil/stigs/os/mainframe/Pages/zvm.aspx.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Filed Under: STIGS Tagged With: STIG, stigs
