Use DISA STIGs to Secure Your IT Systems
The Defense Information Systems Agency (DISA) publishes a wide range of Security Technical Implementation Guides (STIGs) that companies can leverage to secure their IT systems.
STIGs, or Security Technical Implementation Guides, are system configuration recommendations for applications, network devices, workstations, servers, and even printers. Most systems and applications are insecure with their default settings. As a result, they are plagued with a large number of vulnerabilities. DISA STIGs provide specific guidance on how to remediate these common vulnerabilities.
To view the STIG XML files you will need to use the STIG Viewer. The STIG Viewer can also be downloaded from the DoD Cyber Exchange.
To view your STIGs, simply import the XML file that came with the STIG you downloaded into STIG Viewer. You will then be able to view your STIGs in STIG Viewer.
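The XML file that ships with a STIG is an XCCDF benchmark, so the rules STIG Viewer displays can also be listed with a script and sorted by severity category. This is an added example, not part of the original article: the sample benchmark and every ID, title and fix text in it are constructed placeholders, and `load_rules` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the XCCDF layout used by STIG benchmark files.
# All IDs, titles and fix text are placeholders, not from a real STIG.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="Example_STIG">
  <title>Example STIG (constructed)</title>
  <Group id="V-000001">
    <Rule id="SV-000001r1_rule" severity="medium">
      <version>EXMP-00-000001</version>
      <title>Audit logging must be enabled.</title>
      <fixtext>Enable the audit policy setting.</fixtext>
    </Rule>
  </Group>
  <Group id="V-000002">
    <Rule id="SV-000002r1_rule" severity="high">
      <version>EXMP-00-000002</version>
      <title>Legacy protocol must be disabled.</title>
      <fixtext>Disable the legacy protocol.</fixtext>
    </Rule>
  </Group>
</Benchmark>"""

# XCCDF severity values and the STIG category each one corresponds to.
CATEGORY = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files both parse."""
    return tag.rsplit("}", 1)[-1]

def load_rules(xml_text):
    """Return one dict per Rule: vuln ID, STIG ID, category, title, fix."""
    root = ET.fromstring(xml_text)
    rules = []
    for group in (e for e in root.iter() if local(e.tag) == "Group"):
        for rule in (e for e in group if local(e.tag) == "Rule"):
            fields = {local(c.tag): (c.text or "").strip() for c in rule}
            rules.append({
                "vuln_id": group.get("id"),
                "stig_id": fields.get("version", ""),
                "category": CATEGORY.get(rule.get("severity"), "unknown"),
                "title": fields.get("title", ""),
                "fix": fields.get("fixtext", ""),
            })
    # "CAT I" < "CAT II" < "CAT III" < "unknown" as plain strings.
    return sorted(rules, key=lambda r: r["category"])

if __name__ == "__main__":
    for r in load_rules(SAMPLE_XCCDF):
        print(f'{r["category"]:8}{r["vuln_id"]:10}{r["stig_id"]:16}{r["title"]}')
```

To run it against a downloaded STIG, pass the contents of that XML file to `load_rules` in place of the constructed sample.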
How do I apply DISA STIGs to my systems?
If you want to use STIGs to secure your Windows-based systems, use Group Policy. To do so, you will need to download the relevant admin or ADMX files and upload them to Group Policy. You can find the ADMX files for a wide range of apps and operating systems via Google. From there, apply the settings shown in the STIG Viewer to the Group Policy object(s) you created. Then deploy the Group Policy objects to your Windows systems.
For non-Windows systems such as printers, routers, and other network devices, you will generally have to apply the STIGs manually. Please note that if you have several of the same devices in your environment, you might be able to apply STIGs to one of them and apply the same configuration file to the others. If you use Linux servers, I would recommend creating a baseline image with the DISA STIGs applied. Use this secure image when deploying Linux servers.
DISA STIGs and Cybersecurity Compliance
Most cybersecurity frameworks, such as the NIST Cybersecurity Framework, the Cybersecurity Maturity Model Certification (CMMC) framework, and the CIS security control framework, require the creation of secure baseline configurations for your systems. DISA STIGs allow you to accomplish this. They also include settings on log collection, the use of outdated protocols, and encryption enforcement. All of these settings support your cybersecurity compliance initiatives.
Need Help Deploying DISA STIGs?
Our cybersecurity team can secure your systems using DISA STIGs. If you would like to benefit from our experience and work with us, please send us a message at info[@]lakeridge.io.