What do you use to implement security controls?
First of all, implementing security controls means putting security in place on your servers, workstations or other information systems. The best guidance is wherever you can get it. Your organization may provide resources to you. These could be processes and procedures. You can also use security implementation guides: https://public.cyber.mil/stigs/
But probably the best and most comprehensive source of implementation guidance is the vendor of the system or OS you are using. For Cisco router security implementation, for example, Cisco has guidance on Cisco.com. Cisco probably won’t call them “security controls”, but if you know you need to update the IOS, you would search their site for how to update the IOS and for the most current IOS for your internetwork device.
STIGS
convocourses podcast: RMF Course Updates New NIST 800-53
On this podcast we discuss the following:
0:00 blank intro
0:40 Start of convocourse podcast
1:43 Helping with Master Degree on NIST RMF
2:38 Complete Course of NIST RMF
5:45 RMF NIST Course as an Audio file
7:40 RMF NIST Security Control Interpretation
11:40 ISSO lean to Support the team
15:52 Cannot get an ISSO Job
17:34 Security Control Family Interpretation
21:57 NIST RMF 800 and Privacy added
29:15 illegal pricing
31:33 ISC2 CAP vs ISSO work
Cybersecurity Convocourses Control Correlation Identifier (CCI), CIS and STIGS (PODCAST)
This is a breakdown of how CCI Controls map to STIGS and CIS.
STIG Update – STIG Viewer Version 2.9
DISA has released STIG Viewer Version 2.9. This latest version of STIG Viewer is available at https://iase.disa.mil/stigs/Pages/index.aspx.
Updates in Version 2.9 include the following additions:
– NIST SP 800-53 revision 4 control IDs to CSV exports of STIGs and Checklists
– Status to Checklist filters.
– Ability to create filtered Checklists from STIG filter results.
– Ability to filter on STIG names to the top of the STIGs list
– FQDN (fully-qualified domain name) to Checklist CSV export.
For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil
STIG Update – April 2019 Quarterly Release
DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:
Unclassified Application STIGs : http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Adobe Acrobat Professional Document Cloud (DC) Classic STIG, Version 1, Release 2
Citrix XenDesktop 7.x Delivery Controller STIG, Version 1, Release 2
Citrix XenDesktop 7.x License Server STIG, Version 1, Release 2
Citrix XenDesktop 7.x Windows Virtual Delivery Agent (VDA) STIG, Version 1, Release 2
McAfee VirusScan 8.8 Managed Client STIG, Version 5, Release 20
McAfee VSEL 1.9/2.0 Local Client STIG, Version 1, Release 4
McAfee VSEL 1.9/2.0 Managed Client STIG, Version 1, Release 4
Microsoft DotNet Framework 4.0 STIG, Version 1, Release 7
Microsoft Exchange 2010 Edge Transport Server STIG, Version 1, Release 5
Microsoft Exchange 2013 Edge Transport Server STIG, Version 1, Release 5
Microsoft Exchange 2013 Mailbox Server STIG, Version 1, Release 4
Microsoft Exchange 2016 Edge Transport Server STIG, Version 1, Release 2
Microsoft IIS 7.0 STIG, Version 1, Release 18
Microsoft IIS 8.5 Server STIG, Version 1, Release 7
Microsoft IIS 8.5 Site STIG, Version 1, Release 7
Microsoft Internet Explorer 11 STIG, Version 1, Release 17
Microsoft Office System 2013 STIG, Version 1, Release 8
Microsoft SQL Server 2016 Database STIG, Version 1, Release 4
Microsoft SQL Server 2016 Instance STIG, Version 1, Release 5
Microsoft Windows Defender Antivirus STIG, Version 1, Release 5
Mozilla FireFox STIG, Version 4, Release 25
PostgreSQL 9.x STIG, Version 1, Release 5
Web Server SRG, Version 2, Release 3
Unclassified Network STIGs and SRGs: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
BIND 9.x STIG, Version 1, Release 6
IBM MaaS360 with Watson MDM v10.x STIG, Version 1, Release 2
Infoblox 7.x DNS STIG, Version 1, Release 7
Network Infrastructure Policy STIG, Version 9, Release 8
Network WLAN STIG, Version 6, Release 15
Router SRG, Version 3, Release 2
Voice Video Endpoint SRG, Version 1, Release 9
Voice Video over Internet Protocol STIG, Version 3, Release 14
Voice Video Services Policy STIG, Version 3, Release 16
Unclassified Operating System STIGs and Overviews: http://iase.disa.mil/stigs/os/Pages/index.aspx
Active Directory Domain STIG, Version 2, Release 13
Apple OS X 10.3 (Sierra) STIG, Version 1, Release 2
Canonical Ubuntu 16.04 LTS STIG, Version 1, Release 2
Microsoft Windows Server 2008 DC STIG, Version 6, Release 43
Microsoft Windows Server 2008 MS STIG, Version 6, Release 42
Microsoft Windows Server 2008 R2 DC STIG, Version 1, Release 30
Microsoft Windows Server 2008 R2 MS STIG, Version 1, Release 29
Microsoft Windows Server 2012/2012 R2 DC STIG, Version 2, Release 16
Microsoft Windows Server 2012/2012 R2 MS STIG, Version 2, Release 15
Microsoft Windows Server 2016 STIG, Version 1, Release 8
Oracle Linux 6 STIG, Version 1, Release 15
Red Hat Enterprise Linux 6 STIG, Version 1, Release 22
Red Hat Enterprise Linux 7 STIG, Version 2, Release 3
Solaris 11 SPARC STIG, Version 1, Release 17
Solaris 11 x86 STIG, Version 1, Release 17
SUSE Enterprise Linux 12 STIG, Version 1, Release 2
z/OS ACF2 STIG, Version 6, Release 40
z/OS RACF STIG, Version 6, Release 40
z/OS TSS STIG, Version 6, Release 40
FOUO HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
HBSS ePO 5.3/5.9 STIG Version 1, Release 17
HBSS HIP 8 Firewall STIG Version 1, Release 12
HBSS HIP 8 STIG Version 4, Release 22
HBSS Remote Console STIG Version 4, Release 17
McAfee ENS 10.x STIG Version 1, Release 3
FOUO Network STIGS: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
Joint Regional Security Stack STIG Version 1, Release 5
Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
Microsoft Internet Explorer 11 STIG Benchmark, Version 1, Release 13
Microsoft Windows 2008 DC STIG Benchmark, Version 6, Release 43
Microsoft Windows 2008 MS STIG Benchmark, Version 6, Release 43
Microsoft Windows 2008 R2 DC STIG Benchmark, Version 1, Release 31
Microsoft Windows 2008 R2 MS STIG Benchmark, Version 1, Release 32
Microsoft Windows 2012 and 2012 R2 DC STIG Benchmark, Version 2, Release 16
Microsoft Windows 2012 and 2012 R2 MS STIG Benchmark, Version 2, Release 15
Microsoft Windows Defender Antivirus STIG Benchmark, Version 1, Release 2
Microsoft Windows Server 2016 STIG Benchmark, Version 1, Release 9
Red Hat Enterprise Linux 6 STIG Benchmark, Version 1, Release 23
Red Hat Enterprise Linux 7 STIG Benchmark, Version 2, Release 3
Solaris 11/SPARC STIG Benchmark, Version 1, Release 11
Solaris 11/X86 STIG Benchmark, Version 1, Release 11
STIG Update – Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – April 2019
Group Policy Objects (GPOs) have been updated for April 2019. See the Change Log document included in the zip file for additional information.
DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on the IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/gpo/Pages/index.aspx
List of GPOs currently in the package:
Office Products:
Adobe Acrobat Pro DC Classic
Office system 2013
Browsers:
Internet Explorer 11
Operating Systems:
Windows Server 2008 R2 MS
Windows Server 2008 R2 DC
Windows Server 2012 R2 MS
Windows Server 2012 R2 DC
Windows Server 2016 MS
Windows Server 2016 DC
AntiVirus:
Windows Defender AntiVirus
For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil