Author name: Bruce

STIG Update - Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – September 2017 Group Policy Objects (GPOs) have been updated for September 2017. See the Change Log document included in the zip file for additional information.  DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.  The GPOs can be found on IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/Pages/index.aspx List of GPOs currently in the package: Office Products: Access 2013 Access 2016 Excel 2013 Excel 2016 InfoPath 2013 Lync 2013 Office System 2013 Office System 2016 OneDrive for Business 2016 OneNote 2013 OneNote 2016 Outlook 2013 Outlook 2016 PowerPoint 2013 PowerPoint 2016 Project 2013 Project 2016 Publisher 2013 Publisher 2016 SharePoint Designer 2013 Skype for Business 2016 Visio 2013 Visio 2016 Word 2013 Word 2016 Browsers: Internet Explorer 11 Google Chrome Antivirus: Windows Defender AV Operating Systems: Windows 10 Windows 7 Windows 8/8.1 Windows Firewall Windows Server 2008 R2 DC Windows Server 2008 R2 MS Windows Server 2012 R2 DC Windows Server 2012 R2 MS Windows Server 2016

STIG Update – Draft McAfee MOVE AV 4.5 STIG DISA has released the Draft McAfee MOVE AV 4.5 STIG Version 1 for review.  Please submit comments, recommended changes, and/or additions to the draft STIG by 28 September 2017 on the Comment Matrix spreadsheet, located with the STIG at https://iase.disa.mil/stigs/hbss/Pages/index.aspx.  (NOTE:  this is an extension to the suspense date provided in the release memo.)  Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email.   For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

STIG Update - Canonical Ubuntu 16.04 STIG V1R1 DISA Risk Management Executive has released the Canonical Ubuntu 16.04 Security Technical Implementation Guide (STIG) Version 1 Release 1. The requirements of the STIG become effective immediately. The STIG is available on IASE at https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx. For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your email address to log in. If you have questions or problems with the subscription service, please visit subscriberhelp.govdelivery.com. All other inquiries can be directed to subscriptions@disa.mil.

STIG Update – Draft Router SRG Version 3 DISA has released the Draft Router Security Requirements Guide (SRG) Version 3 for review.  Please submit comments, recommended changes, and/or additions to the draft SRG by 28 September 2017 on the Comment Matrix spreadsheet, located with the SRG at https://iase.disa.mil/stigs/net_perimeter/network-infrastructure/Pages/routers-switches.aspx.  (NOTE:  this is an extension to the suspense date provided in the release memo.)  Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the SRG in the subject line of your email.   For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

STIG Update - Draft IBM z/VM STIG Ver 1 DISA has developed the Draft IBM z/VM STIG Version 1 for review. This draft STIG contains security requirements to IBM z/VM systems using Computer Associate’s VM:Secure for security management. Please submit comments, recommended changes, and/or additions to the draft STIG by 21 Sep 2017 on the Comment Matrix spreadsheet, located with the STIG at https://iase.disa.mil/stigs/os/mainframe/Pages/zvm.aspx. Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email. For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

STIG Update - Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) Group Policy Objects (GPOs) have been created for numerous Security Technical Implementation Guides (STIGs). DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment. The GPOs can be found on IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/Pages/index.aspx List of GPOs currently in the package: Office Products Access 2013 Access 2016 Excel 2013 Excel 2016 InfoPath 2013 Lync 2013 Office System 2013 Office System 2016 OneDrive for Business 2016 OneNote 2013 OneNote 2016 Outlook 2013 Outlook 2016 PowerPoint 2013 PowerPoint 2016 Project 2013 Project 2016 Publisher 2013 Publisher 2016 SharePoint Designer 2013 Skype for Business 2016 Visio 2013 Visio 2016 Word 2013 Word 2016 Browsers Google Chrome Internet Explorer 11 Operating Systems Windows 10 Windows 7 Windows 8/8.1 Windows Firewall Windows Server 2008 R2 DC Windows Server 2008 R2 MS Windows Server 2012 R2 DC Windows Server 2012 R2 MS Windows Server 2016

STIG Update - Microsoft Windows 10 STIG – Version 1 Release 10 DISA Risk Management Executive has updated the Microsoft Windows 10 Security Technical Implementation Guide (STIG) Version 1 Release 10.  The requirements of the STIG become effective immediately. The STIG is available on IASE at https://iase.disa.mil/stigs/os/windows/Pages/win10.aspx. For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

STIG Update - Draft Backbone Transport Services (BTS) Policy STIG Ver 3 DISA has released the Draft Backbone Transport Services (BTS) Policy STIG Version 3 for review. Please submit comments, recommended changes, and/or additions to the draft STIG by 15 September 2017 on the Comment Matrix spreadsheet, located with the STIG at https://iase.disa.mil/stigs/net_perimeter/backbone-transport/Pages/index.aspx. (NOTE: this is an extension to the suspense date provided in the release memo.) Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email. For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Job Title:  IT Network Security Analyst  Position Type: Contract – 30 hours/wk. Cleint: CROCS Location : Niwot Our client is looking for a Security Analyst to support their team with the network and security related issues.  I Position Requirements: Possess a great attitude and desire to dig deep into the field of information security Detail oriented work style with ability to follow through on tasks Ability to work collaboratively in team environments Possess strong critical thinking and analytical skills Strong interpersonal, written, and verbal communication skills General understanding of below areas: IT Security Networking System administration Programming/Scripting Willingness to acquire in-depth knowledge of network and host-based security technologies Knowledge of the current IT threat landscape and emerging trends in cyber security Education: A certificate in a related discipline such as IT Security, Networking, System Administration, and/or Programing/Scripting are preferred. A degree in Information Technology, or a related academic discipline is preferred, but not required for this position. **If this is not a fit for you or you are not interested, Ascent Services Group offers an excellent Referral Bonus!  We look forward to hearing from you! 

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the SRG/STIG Library Compilations. The SRG/STIG_Library.zip is a compilation of DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format), Checklists, Security Readiness Review (SRR) Tools that are available through the IASE web site’s STIG pages. Two versions of the compilation are produced, an FOUO version and a NON-FOUO version entitled U_SRG-STIG_Library.zip and FOUO _SRG-STIG_Library.zip. The file name preceded by FOUO_ contains STIGs and related content that has been designated as FOUO. As such a DoD PKI certificate is required to download it. The file name preceded by U_ is the NON-FOUO version which does not contain FOUO. It is therefore downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole and any separated FOUO content must be handled in accordance with customary FOUO handling and dissemination guidelines. Please see “SRG/STIG Library Compilation READ ME” for additional information to include download / extraction instructions and a FAQ. All related files are available on IASE at: http://iase.disa.mil/stigs/compilations/Pages/index.aspx.