Author name: Bruce

I have been doing IT and cybersecurity, specifically GRC, for 20 years. I want to help people get into this field.


STIG Update – DISA has released the Draft Software Defined Networking (SDN) STIG Version 1

DISA has released the Draft Software Defined Networking (SDN) STIG Version 1 for review and comment. Please provide comments, recommended changes, and/or additions to the draft STIG by 3 November 2016 on the Comment Matrix spreadsheet. The draft STIG and spreadsheet are available at http://iase.disa.mil/stigs/net_perimeter/network-infrastructure/Pages/policy.aspx. For all STIG-related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil


STIG Update – DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks

DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs: http://iase.disa.mil/stigs/Pages/a-z.aspx
Database SRG Ver 2, Rel 5
Network Device Management SRG Ver 2, Rel 7
Voice Video Endpoint SRG Ver 1, Rel 3
Voice Video Session Management SRG Ver 1, Rel 2

Unclassified Application STIGs: http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Access 2010 STIG Ver 1, Rel 9
Access 2013 STIG Ver 1, Rel 3
Adobe ColdFusion STIG Ver 1, Rel 2
Apache 2.2 STIG Windows Ver 1, Rel 9
EDB Postgres Advanced Server on Red Hat Enterprise Linux STIG Ver 1, Rel 2
Excel 2010 STIG Ver 1, Rel 10
Excel 2013 STIG Ver 1, Rel 5
Exchange 2010 Mailbox STIG Ver 1, Rel 8
Google Chrome Browser STIG Ver 1, Rel 6
IIS 7.0 STIG Ver 1, Rel 11
InfoPath 2010 STIG Ver 1, Rel 10
InfoPath 2013 STIG Ver 1, Rel 4
Internet Explorer 10 STIG Ver 1, Rel 14
Internet Explorer 11 STIG Ver 1, Rel 10
McAfee Virus Scan 8.8 Local Client STIG Ver 5, Rel 10
McAfee Virus Scan 8.8 Managed Client STIG Ver 5, Rel 12
Mozilla Firefox STIG Ver 4, Rel 16
Oracle JRE 8 Windows STIG Ver 1, Rel 2
Oracle 11.2g Database STIG Ver 1, Rel 9
Oracle 12c Database STIG Ver 1, Rel 5
Outlook 2010 STIG Ver 1, Rel 12
Outlook 2013 STIG Ver 1, Rel 8
PowerPoint 2010 STIG Ver 1, Rel 9
PowerPoint 2013 STIG Ver 1, Rel 4
Publisher 2010 STIG Ver 1, Rel 10
Publisher 2013 STIG Ver 1, Rel 4
SQL Server 2012 STIG Ver 1, Rel 12
SQL Server 2014 Database STIG Ver 1, Rel 2
SQL Server 2014 Instance STIG Ver 1, Rel 3
Tanium 6.5 STIG Ver 1, Rel 2
Visio 2013 STIG Ver 1, Rel 3
Word 2010 STIG Ver 1, Rel 10
Word 2013 STIG Ver 1, Rel 4

McAfee MOVE STIGs: http://iase.disa.mil/stigs/hbss/Pages/index.aspx
McAfee MOVE Agentless 3.0/3.6.1 SVA STIG Ver 1, Rel 5
McAfee MOVE Multi-Platform 2.6/3.6.1 Client STIG Ver 1, Rel 5
McAfee MOVE Multi-Platform 2.6/3.6.1 OSS STIG Ver 1, Rel 5

Unclassified Mobility STIGs: http://iase.disa.mil/stigs/mobility/Pages/index.aspx
BlackBerry BES 12.5.x STIG Ver 1, Rel 2
BlackBerry Enterprise Server 5 STIG Ver 2, Rel 9
BlackBerry OS 10.3.x STIG Ver 1, Rel 3
BlackBerry OS 7 STIG Ver 2, Rel 10
MDM Server Policy STIG Ver 2, Rel 4
Mobile Policy STIG Ver 2, Rel 3
Windows 10 Mobile STIG Ver 1, Rel 2

Unclassified Network STIGs: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
DNS Policy STIG Ver 4, Rel 1.20
F5 BIG-IP Device Management 11.x STIG Ver 1, Rel 3
F5 BIG-IP Local Traffic Manager (LTM) 11.x STIG Ver 1, Rel 2
IPSEC VPN Gateway STIG Ver 1, Rel 11
Network Firewall STIG Ver 8, Rel 20
Network Infrastructure Router L3 Switch STIG Ver 8, Rel 21
Network L2 Switch STIG Ver 8, Rel 20
Network Other Devices STIG Ver 8, Rel 20
Network Perimeter Router L3 Switch STIG Ver 8, Rel 23
Network WLAN STIG Ver 6, Rel 12
Network WMAN STIG Ver 6, Rel 11

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx
AIX 6.1 STIG Ver 1, Rel 9
Apple OS X 10.11 STIG Ver 1, Rel 2
HP-UX 11.31 Manual STIG Ver 1, Rel 12
Oracle Linux 5 Manual STIG Ver 1, Rel 8
Oracle Linux 6 Manual STIG Ver 1, Rel 8
Red Hat 5 Manual STIG Ver 1, Rel 16
Red Hat 6 STIG Ver 1, Rel 13
Solaris 10 SPARC Manual STIG Ver 1, Rel 16
Solaris 10 x86 Manual STIG Ver 1, Rel 16
Solaris 11 SPARC Manual STIG Ver 1, Rel 9
Solaris 11 x86 Manual STIG Ver 1, Rel 9
SUSE Linux Enterprise Server (SLES) v11 for System z STIG Ver 1, Rel 8
Windows 2008 DC STIG Ver 6, Rel 34
Windows 2008 MS STIG Ver 6, Rel 34
Windows 2008 R2 DC STIG Ver 1, Rel 20
Windows 2008 R2 MS STIG Ver 1, Rel 20
Windows 2012 and 2012 R2 DC STIG Ver 2, Rel 6
Windows 2012 and 2012 R2 MS STIG Ver 2, Rel 6
Windows Firewall and Advanced Security STIG Ver 1, Rel 5
Windows Vista STIG Ver 6, Rel 41
Windows 10 STIG Ver 1, Rel 6
Windows 7 STIG Ver 1, Rel 24
Windows 8/8.1 STIG Ver 1, Rel 15
zOS ACF2 STIG Ver 6, Rel 29
zOS RACF STIG Ver 6, Rel 29
zOS TSS STIG Ver 6, Rel 29

FOUO Network ISCG: http://iase.disa.mil/stigs/net_perimeter/jie_network/Pages/default.aspx (NOTE: DoD PKI Certificate Required)
Joint Regional Security Stack (JRSS) ISCG Ver 1, Rel 2

FOUO HBSS STIGs: http://iase.disa.mil/stigs/hbss/Pages/index.aspx (NOTE: DoD PKI Certificate Required)
HBSS ePO 5.x STIG Ver 1, Rel 10
HBSS HIP 8 STIG Ver 4, Rel 17
HBSS Remote Console STIG Ver 4, Rel 13

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
Access 2010 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
Access 2013 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
AIX 6.1 STIG Benchmark Ver 1, Rel 9
Excel 2010 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
Excel 2013 STIG Benchmark Ver 1, Rel 3 (SCC tool use only)
HP-UX 11.31 STIG Benchmark Ver 1, Rel 13
InfoPath 2010 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
InfoPath 2013 STIG Benchmark Ver 1, Rel 3 (SCC tool use only)
Internet Explorer 11 STIG Benchmark Ver 1, Rel 7
Outlook 2013 STIG Benchmark Ver 1, Rel 5 (SCC tool use only)
PowerPoint 2010 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
PowerPoint 2013 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
Publisher 2010 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
Publisher 2013 STIG Benchmark Ver 1, Rel 2 (SCC tool use only)
Red Hat 5 STIG Benchmark Ver 1, Rel 17
Red Hat 6 STIG Benchmark Ver 1, Rel 13
Solaris 10 SPARC STIG Benchmark Ver 1, Rel 16
Solaris 10 x86 STIG Benchmark Ver 1, Rel 16
Solaris 11 SPARC STIG


STIG Update – Quarterly release: SRG-STIG_Library.zip

DISA has released updates to the SRG/STIG Library Compilations in .ZIP format to correspond with the latest quarterly SRG/STIG update cycle. This release also includes newly released SRGs and STIGs published since the last quarterly release of the compilations. SRG-STIG_Library.zip is a compilation of the DoD Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs) (provided in XCCDF or .pdf format), Checklists and Security Readiness Review (SRR) Tools that are available through the IASE web site's STIG pages. Two versions of the compilation are produced: a NON-FOUO version, U_SRG-STIG_Library.zip, and an FOUO version, FOUO_SRG-STIG_Library.zip. The file whose name begins with FOUO_ contains STIGs and related content that has been designated FOUO; a DoD PKI certificate is therefore required to download it. The file whose name begins with U_ is the NON-FOUO version, contains no FOUO material, and is downloadable by the general public. These compilations may be used and distributed in the same manner as the individually downloaded documents. The FOUO compilation as a whole, and any FOUO content separated from it, must be handled in accordance with customary FOUO handling and dissemination guidelines. Please see the "SRG/STIG Library Compilation READ ME" for additional information, including download and extraction instructions and a FAQ. All related files are available on IASE at: http://iase.disa.mil/stigs/compilations/Pages/index.aspx
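Once the U_ compilation is downloaded, the first thing a GRC reviewer usually wants is an inventory of what each XCCDF STIG in it actually requires, with the CAT I/II/III breakdown, before loading anything into a checklist tool. The script below is an added example written for this page; it is not DISA code and is not part of the announcement. It parses an XCCDF benchmark in the Group/Rule/version/title shape DISA uses (reading the namespace from the root element so 1.1 and 1.2 files both work), maps the Rule severity attribute to DISA's CAT levels, and walks a downloaded library zip for nested *-xccdf.xml members. The sample benchmark is constructed placeholder data (the V-/SV- identifiers are not real STIG IDs), and the nested-zip layout plus the "-xccdf.xml" file-name suffix are assumptions about the compilation's contents, not facts taken from the announcement.

```python
"""Inventory the rules in an XCCDF STIG such as those in U_SRG-STIG_Library.zip.

Added example for this page; not DISA code. SAMPLE_XCCDF is constructed
placeholder data in the shape of a DISA XCCDF benchmark; its Group/Rule IDs
are not real STIG identifiers.
"""
import io
import xml.etree.ElementTree as ET
import zipfile
from collections import Counter

# DISA reports XCCDF Rule severity as CAT I / II / III findings.
CAT_FOR_SEVERITY = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}

# Constructed sample, not a DISA document.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="Example_STIG">
  <title>Example STIG (constructed sample)</title>
  <Group id="V-000001">
    <title>SRG-OS-000001</title>
    <Rule id="SV-000001r1_rule" severity="high" weight="10.0">
      <version>EX-OS-000001</version>
      <title>The system must not permit root logins over SSH.</title>
    </Rule>
  </Group>
  <Group id="V-000002">
    <title>SRG-OS-000002</title>
    <Rule id="SV-000002r1_rule" severity="medium" weight="10.0">
      <version>EX-OS-000002</version>
      <title>Audit records must be forwarded to a central log host.</title>
    </Rule>
  </Group>
  <Group id="V-000003">
    <title>SRG-OS-000003</title>
    <Rule id="SV-000003r1_rule" severity="low" weight="10.0">
      <version>EX-OS-000003</version>
      <title>The login banner must display the DoD notice and consent text.</title>
    </Rule>
  </Group>
</Benchmark>
"""


def cat_for(severity):
    """Map an XCCDF severity string to a DISA CAT level ('unknown' if unrecognised)."""
    return CAT_FOR_SEVERITY.get((severity or "").lower(), "unknown")


def parse_rules(xccdf_xml):
    """Return one dict per <Rule>: Group (V-) id, Rule (SV-) id, STIG id, severity, CAT, title."""
    root = ET.fromstring(xccdf_xml)
    xns = root.tag[1:].split("}")[0]  # namespace of the root, e.g. .../xccdf/1.1 or /1.2
    ns = {"x": xns}
    rules = []
    for group in root.iter(f"{{{xns}}}Group"):  # Groups can nest, so walk the whole tree
        for rule in group.findall("x:Rule", ns):  # only this Group's own Rules
            severity = rule.get("severity", "")
            rules.append({
                "vuln_id": group.get("id"),
                "rule_id": rule.get("id"),
                "stig_id": rule.findtext("x:version", default="", namespaces=ns),
                "severity": severity,
                "cat": cat_for(severity),
                "title": rule.findtext("x:title", default="", namespaces=ns).strip(),
            })
    return rules


def severity_counts(rules):
    """Number of rules per CAT level, the figure usually reported per STIG."""
    return dict(Counter(r["cat"] for r in rules))


def rules_from_library_zip(zip_source, suffix="-xccdf.xml"):
    """Walk a library zip (path or file object) and parse every XCCDF file found.

    Assumed layout: the compilation holds one zip per STIG, each containing an
    *-xccdf.xml. Returns {"<outer>.zip!/<member>": rule list}.
    """
    found = {}

    def walk(zf, prefix):
        for name in zf.namelist():
            if name.lower().endswith(".zip"):
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    walk(inner, f"{prefix}{name}!/")
            elif name.lower().endswith(suffix):
                found[prefix + name] = parse_rules(zf.read(name))

    with zipfile.ZipFile(zip_source) as outer:
        walk(outer, "")
    return found


def build_sample_library_zip():
    """Construct an in-memory zip in the assumed nested layout so the walker runs offline."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("U_Example_STIG_V1R1_Manual-xccdf.xml", SAMPLE_XCCDF)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("U_Example_STIG_V1R1_STIG.zip", inner.getvalue())
    outer.seek(0)
    return outer


if __name__ == "__main__":
    for member, rules in rules_from_library_zip(build_sample_library_zip()).items():
        print(member, severity_counts(rules))
        for r in rules:
            print(f"  {r['vuln_id']}  {r['rule_id']}  {r['stig_id']}  {r['cat']:8} {r['title']}")
```

To run it against a real download, replace `build_sample_library_zip()` with the path to U_SRG-STIG_Library.zip; anything that is not an XCCDF file (PDFs, checklists, SRR scripts) is skipped, and a STIG whose rules carry no severity attribute shows up as "unknown" rather than being silently dropped.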


STIG Update – Announcement of the Draft BIND 9.X Security Technical Implementation Guide (STIG) Version 1

DoD has developed the Draft BIND 9.X Security Technical Implementation Guide (STIG) Version 1. This STIG is available on the NIPRNET at http://iase.disa.mil/stigs/net_perimeter/network-other/Pages/index.aspx for review and comment. Please provide comments, recommended changes, and/or additions to the draft STIG by 30 September 2016 on the Comment Matrix spreadsheet. Comments should be sent via NIPRNet email to disa.stig_spt@mail.mil with the title and version of the STIG in the subject line.


Security Roles and Responsibilities

There are hundreds of different roles and responsibilities in the IT security career field alone. Here are some of the common types that I have seen:
Information System Security Manager (ISSM) – coordinates with the system owner and the Information System Security Officer to ensure security controls are in place on the systems.
Information System Security Officer (ISSO) – coordinates with management and system administrators to implement system security controls; ensures security controls are tracked and documented.
System Administrator – applies technical functionality and security controls on information systems.
Architect – assists in the design of enterprise information systems.
Security Analyst – reviews the logs of information systems to determine whether any malicious activity is happening.
Auditor – reviews information systems to make sure security controls are applied, documented and continuously monitored.


IT Security Career Risk Management Framework

So you want to get into Information Technology? Well, what do you want to do in IT? There are many different branches of it. I would suggest going into IT security, specifically the Risk Management Framework (RMF). It is a very specialized field. You will need to know the fundamentals of IT security: the basics of what goes into securing important data and the hardware it lives on. You will also need at least a little knowledge of technology and its history. You will need to know a LOT about NIST SP 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems". You will need to dive into NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations". Since not many people want to do this work, or even know about it, there is not much competition, and employers are always looking for qualified people to do it. What you will need is a four-year degree (preferably in something technical), an IT security certification (Security+, (ISC)2 CAP, CISSP, CASP, CISM, CISA) and a lot of knowledge of NIST SP 800-37.


STIG Update – Announcement of the EDB Postgres Advanced Server 9 On Red Hat Enterprise Linux STIG Version 1

DISA has released the EDB Postgres Advanced Server 9 On Red Hat Enterprise Linux STIG Version 1. The requirements of this STIG become effective immediately. The STIG is available on IASE at: http://iase.disa.mil/stigs/app-security/database/Pages/index.aspx For all STIG-related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil


DISA has released the Mainframe Product SRG Version 1

DISA has released the Mainframe Product SRG Version 1. The requirements of the SRG become effective immediately. The SRG is available on IASE at: http://iase.disa.mil/stigs/srgs/Pages/index.aspx For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil


STIG Update – DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks

DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs: http://iase.disa.mil/stigs/srgs/Pages/index.aspx
Database SRG Ver 2, Rel 4
Network Device Management SRG Ver 2, Rel 5

Unclassified Application STIGs/SRGs: http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Adobe Acrobat Reader DC Continuous Track STIG Ver, Rel 2
Google Chrome Browser STIG for Windows Ver 1, Rel 4
IIS 7.0 STIG Ver 1, Rel 10
Internet Explorer 11 STIG Ver 1, Rel 8
McAfee Virus Scan 8.8 Local Client STIG Ver 5, Rel 9
McAfee Virus Scan 8.8 Managed Client STIG Ver 5, Rel 10
McAfee VirusScan Enterprise for Linux 1.9x/2.0x Local Client STIG Ver 1, Rel 2
McAfee VirusScan Enterprise for Linux 1.9x/2.0x Managed Client STIG Ver 1, Rel 2
Oracle WebLogic Server 12c STIG Ver 1, Rel 2
Microsoft .NET Framework 4 STIG Ver 1, Rel 3
Microsoft .NET Framework Security Checklist Ver 1, Rel 3
Microsoft SharePoint 2013 STIG Ver 1, Rel 3
Oracle 11.2g Database STIG Ver 1, Rel 7
Oracle 12c Database STIG Ver 1, Rel 3
Oracle 11g Database STIG Ver 8, Rel 17
PowerPoint 2007 STIG Ver 4, Rel 15
SQL Server 2012 STIG Ver 1, Rel 10

Unclassified Mobility ISCG: http://iase.disa.mil/stigs/mobility/Pages/index.aspx
Samsung Android OS 5 (with Knox 2.x) STIG Ver 1, Rel 3

Unclassified Network STIGs: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
Arista Multilayer Switch (MLS) DCS-7000 Series Layer 2 Switch (L2S) STIG Ver 1, Rel 2
Arista Multilayer Switch (MLS) DCS-7000 Series Network Device Management (NDM) STIG Ver 1, Rel 2
Arista Multilayer Switch (MLS) DCS-7000 Series Router (RTR) STIG Ver 1, Rel 2
Remote Access Policy STIG Ver 2, Rel 11

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx
Active Directory Domain STIG Ver 2, Rel 7
Active Directory Forest STIG Ver 2, Rel 6
Apple OS X 10.10 Workstation STIG Ver 1, Rel 3
AIX 6.1 STIG Ver 1, Rel 7
ESXi5 Server STIG Ver 1, Rel 9
ESXi5 vCenter Server STIG Ver 1, Rel 7
HP-UX 11.31 Manual STIG Ver 1, Rel 10
Oracle Linux 5 Manual STIG Ver 1, Rel 6
Oracle Linux 6 Manual STIG Ver 1, Rel 6
Red Hat 5 Manual STIG Ver 1, Rel 14
Red Hat 6 STIG Ver 1, Rel 11
Solaris 10 SPARC Manual STIG Ver 1, Rel 14
Solaris 10 x86 Manual STIG Ver 1, Rel 14
Solaris 11 SPARC Manual STIG Ver 1, Rel 7
Solaris 11 x86 Manual STIG Ver 1, Rel 7
Windows 2008 DC STIG Ver 6, Rel 32
Windows 2008 MS STIG Ver 6, Rel 32
Windows 2008 R2 DC STIG Ver 1, Rel 18
Windows 2008 R2 MS STIG Ver 1, Rel 18
Windows 2012 and 2012 R2 DC STIG Ver 2, Rel 4
Windows 2012 and 2012 R2 MS STIG Ver 2, Rel 4
Windows Vista STIG Ver 6, Rel 39
Windows 10 STIG Ver 1, Rel 3
Windows 7 STIG Ver 1, Rel 22
Windows 8/8.1 STIG Ver 1, Rel 13
zOS ACF2 STIG Ver 6, Rel 27
zOS RACF STIG Ver 6, Rel 27
zOS TSS STIG Ver 6, Rel 27

FOUO HBSS: http://iase.disa.mil/stigs/hbss/Pages/index.aspx (NOTE: DoD PKI Certificate Required)
HBSS Agent Handler STIG Ver 1, Rel 8
HBSS ePO 5.x STIG Ver 1, Rel 8
HBSS HIP 8 STIG Ver 4, Rel 15
HBSS HIP STIG Ver 4, Rel 11
HBSS McAfee Agent STIG Ver 4, Rel 10

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
AIX 6.1 STIG Benchmark Ver 1, Rel 7
HP-UX 11.31 STIG Benchmark Ver 1, Rel 11
Internet Explorer 11 STIG Benchmark Ver 1, Rel 5
Microsoft .NET Framework 4 STIG Benchmark Ver 1, Rel 4
Project 2013 STIG Benchmark Ver 1, Rel 2
Red Hat 5 STIG Benchmark Ver 1, Rel 15
Red Hat 6 STIG Benchmark Ver 1, Rel 11
Solaris 10 SPARC STIG Benchmark Ver 1, Rel 14
Solaris 10 x86 STIG Benchmark Ver 1, Rel 14
Solaris 11 SPARC STIG Benchmark Ver 1, Rel 2
Solaris 11 x86 STIG Benchmark Ver 1, Rel 2
Windows 10 Benchmark Ver 1, Rel 2
Windows 2008 DC STIG Benchmark Ver 6, Rel 34
Windows 2008 MS STIG Benchmark Ver 6, Rel 34
Windows 2008 R2 DC STIG Benchmark Ver 1, Rel 20
Windows 2008 R2 MS STIG Benchmark Ver 1, Rel 21
Windows 2012 and 2012 R2 DC STIG Benchmark Ver 2, Rel 4
Windows 2012 and 2012 R2 MS STIG Benchmark Ver 2, Rel 4
Windows 7 STIG Benchmark Ver 1, Rel 28
Windows 8/8.1 Benchmark Ver 1, Rel 14
Windows Vista STIG Benchmark Ver 6, Rel 42

STIGs no longer supported: http://iase.disa.mil/stigs/sunset/Pages/index.aspx
HBSS ePO 4.5 Rollup STIG Ver 4, Rel 13 (DoD PKI Required)
HBSS ePO 4.5 Site STIG Ver 4, Rel 16 (DoD PKI Required)
HBSS ePO 4.6 STIG Ver 4, Rel 17 (DoD PKI Required)
Samsung Android (with Knox 2.x) STIG Ver 1, Rel 4

For all STIG-related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil
