Use DISA STIGs to Secure Your IT Systems
By: Omer Kaan Aslim
July 09, 2020
The Defense Information Systems Agency (DISA) publishes a wide range of Security Technical Implementation Guides (STIGs) that companies, not only DoD components, can use to harden their IT systems.
What are DISA STIGs?
STIGs, or Security Technical Implementation Guides, are configuration standards for applications, network devices, workstations, servers, and even printers. Most systems and applications ship with defaults chosen for compatibility and ease of setup rather than security, so an unconfigured system carries a long list of known weaknesses. Each STIG breaks a product down into individual findings, and each finding carries a severity category (CAT I, II or III), a check procedure to verify the setting, and fix text describing how to remediate it.
Where can I get DISA STIGs?
You can download DISA STIGs from the DoD Cyber Exchange (public.cyber.mil). Each STIG ships as a zip archive containing an XCCDF XML file.
The XML file is not meant to be read directly. Download the STIG Viewer from the same site, import the XML file into it, and work through the findings there; the viewer also lets you create a checklist in which you record each finding as Open, Not a Finding, or Not Applicable for a given system.
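The STIG XML file is an XCCDF benchmark (Benchmark > Group > Rule), which is what STIG Viewer imports. The following added example, which is not code from the original post, from DISA, or from STIG Viewer, flattens such a file into the fields an auditor tracks (V-number, SV-number, STIG ID, severity/CAT level, title, check and fix text) and orders the findings for remediation. The benchmark embedded in it is constructed for this example; its IDs, titles, check and fix text are placeholders, not real STIG content.

```python
"""Flatten a DISA STIG XCCDF benchmark into a sortable list of findings.

Added example; not code from the original post, from DISA, or from STIG
Viewer. The STIG XML files on the DoD Cyber Exchange are XCCDF benchmarks
(Benchmark > Group > Rule). The benchmark embedded below is CONSTRUCTED
for this example: its IDs, titles, check and fix text are placeholders,
not real STIG content.
"""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}

# XCCDF severities map to the CAT levels shown in STIG Viewer.
SEVERITY_TO_CAT = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}
CAT_ORDER = {"CAT I": 0, "CAT II": 1, "CAT III": 2}

# Constructed sample benchmark: same layout as a real STIG, placeholder content.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="Example_Benchmark">
  <title>Constructed example benchmark</title>
  <Group id="V-900001">
    <title>SRG-EXAMPLE-000001</title>
    <Rule id="SV-900001r1_rule" severity="high" weight="10.0">
      <version>EXMP-00-000001</version>
      <title>The SSH daemon must not permit root logins.</title>
      <fixtext>Set "PermitRootLogin no" in /etc/ssh/sshd_config and restart sshd.</fixtext>
      <check system="C-900001r1_chk">
        <check-content>grep -i PermitRootLogin /etc/ssh/sshd_config</check-content>
      </check>
    </Rule>
  </Group>
  <Group id="V-900002">
    <title>SRG-EXAMPLE-000002</title>
    <Rule id="SV-900002r1_rule" severity="medium" weight="10.0">
      <version>EXMP-00-000002</version>
      <title>The system must log authentication events.</title>
      <fixtext>Enable auth logging in the system logger configuration.</fixtext>
      <check system="C-900002r1_chk">
        <check-content>Verify auth facility messages are written to a log file.</check-content>
      </check>
    </Rule>
  </Group>
  <Group id="V-900003">
    <title>SRG-EXAMPLE-000003</title>
    <Rule id="SV-900003r1_rule" severity="low" weight="10.0">
      <version>EXMP-00-000003</version>
      <title>A logon banner must be displayed.</title>
      <fixtext>Configure the banner text.</fixtext>
      <check system="C-900003r1_chk">
        <check-content>Verify the banner is configured.</check-content>
      </check>
    </Rule>
  </Group>
</Benchmark>
"""


def parse_benchmark(xml_text):
    """Return one dict per Rule, carrying the identifiers an auditor tracks."""
    root = ET.fromstring(xml_text)
    findings = []
    for group in root.findall("x:Group", XCCDF_NS):
        for rule in group.findall("x:Rule", XCCDF_NS):
            severity = rule.get("severity", "unknown")
            check = rule.find("x:check/x:check-content", XCCDF_NS)
            findings.append({
                "vuln_id": group.get("id"),   # V-number lives on the Group
                "rule_id": rule.get("id"),    # SV-number lives on the Rule
                "stig_id": rule.findtext("x:version", default="", namespaces=XCCDF_NS),
                "severity": severity,
                "category": SEVERITY_TO_CAT.get(severity, "unknown"),
                "title": rule.findtext("x:title", default="", namespaces=XCCDF_NS).strip(),
                "check": (check.text or "").strip() if check is not None else "",
                "fix": rule.findtext("x:fixtext", default="", namespaces=XCCDF_NS).strip(),
            })
    return findings


def count_by_category(findings):
    """How many findings fall in each CAT level (what a status report wants)."""
    return dict(Counter(f["category"] for f in findings))


def remediation_order(findings):
    """CAT I first, then CAT II, then CAT III; by V-number within a category."""
    return sorted(findings, key=lambda f: (CAT_ORDER.get(f["category"], 99), f["vuln_id"]))


if __name__ == "__main__":
    rules = parse_benchmark(SAMPLE_XCCDF)
    print(count_by_category(rules))
    for f in remediation_order(rules):
        print(f"{f['category']:7} {f['vuln_id']} {f['stig_id']} {f['title']}")
```

Point the script at a real STIG by reading the XCCDF file from the downloaded zip instead of `SAMPLE_XCCDF`; the namespace is the XCCDF 1.1 namespace used by DISA benchmarks, so check the `xmlns` on the `Benchmark` element if a file fails to parse.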
How do I apply DISA STIGs to my systems?
If you want to apply STIGs to Windows systems, use Group Policy. Most STIG settings for Windows and Microsoft applications map to Group Policy settings; the Administrative Template (ADMX/ADML) files that expose those settings come from the software vendor (Microsoft publishes them for Windows and Office), not from an arbitrary search result, and belong in the domain's Group Policy Central Store. DISA also publishes ready-made GPO backups for many Windows STIGs on the DoD Cyber Exchange that you can import directly. From there, apply the settings described in the STIG Viewer fix text to the Group Policy Object(s) you created, link them to a test OU first, and only then deploy them to your production Windows systems.
For non-Windows systems such as printers, routers, and other network devices you will generally have to apply the STIG settings manually. If you have several of the same device in your environment, apply the STIG to one, verify it, and push the resulting configuration file to the others. For Linux servers, build a baseline image with the STIG applied and deploy new servers from that image; record which STIG version the image was built against so that you can re-check it when DISA releases an update.
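A baseline image only helps if you can confirm that a deployed server still matches it. The added example below, which is not code from the original post or from DISA, audits the global settings of a Linux sshd_config against a small STIG-style baseline. The baseline values are illustrative of the kinds of settings STIGs cover (root login, empty passwords, logging, cipher selection) and are not quoted from any specific STIG rule; use the values from the STIG for your OS version. It handles two details that trip up naive grep checks: sshd honours the first occurrence of a keyword, so a hardened line added after a weak one changes nothing, and settings inside a Match block are conditional rather than global.

```python
"""Audit a Linux sshd_config against a STIG-style baseline.

Added example; not code from the original post or from DISA. The
baseline below is ILLUSTRATIVE (an assumption for this example) of the
kinds of settings STIGs enforce and is not quoted from any STIG rule.
"""
import re

# Illustrative baseline: sshd keyword -> acceptable values (lower-case).
# For list-valued keywords every listed algorithm must be in the allowed set.
BASELINE = {
    "permitrootlogin": {"no"},
    "permitemptypasswords": {"no"},
    "loglevel": {"info", "verbose"},
    "ciphers": {"aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
                "aes256-ctr", "aes192-ctr", "aes128-ctr"},
}
LIST_KEYWORDS = {"ciphers", "macs", "kexalgorithms"}

# Constructed sample configs (not taken from any real host).
WEAK_CONFIG = """# /etc/ssh/sshd_config (constructed weak example)
Port 22
PermitRootLogin yes
LogLevel QUIET
PermitEmptyPasswords yes
Ciphers aes256-ctr,3des-cbc
# this later line does NOT override the first occurrence above
PermitRootLogin no
Match User deploy
    PermitRootLogin no
"""

HARDENED_CONFIG = """# /etc/ssh/sshd_config (constructed hardened example)
Port 22
PermitRootLogin no
PermitEmptyPasswords no
LogLevel VERBOSE
Ciphers aes256-gcm@openssh.com,aes256-ctr
"""


def effective_globals(text):
    """Effective global sshd settings.

    Keywords are case-insensitive, the FIRST occurrence of a keyword wins,
    and everything after the first Match line is conditional, so it is
    not part of the global baseline and is ignored here.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)      # first occurrence wins
    return effective


def audit(text):
    """One result per baseline setting. A missing keyword is a failure:
    the check cannot confirm the daemon default, and STIG checks expect
    the setting to be present explicitly."""
    settings = effective_globals(text)
    results = []
    for key, allowed in BASELINE.items():
        actual = settings.get(key)
        if actual is None:
            ok = False
        elif key in LIST_KEYWORDS:
            ok = set(actual.lower().split(",")) <= allowed
        else:
            ok = actual.lower() in allowed
        results.append({"setting": key, "allowed": sorted(allowed), "actual": actual, "ok": ok})
    return results


def failures(text):
    """Names of baseline settings that are not compliant, in baseline order."""
    return [r["setting"] for r in audit(text) if not r["ok"]]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", failures(cfg) or "compliant")
```

To run it against a real image, read /etc/ssh/sshd_config into `text` in place of the constructed samples; if the file uses `Include`, concatenate the included files in order before auditing, since this example does not follow includes.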
DISA STIGs and Cybersecurity Compliance
Most cybersecurity frameworks, including the NIST Cybersecurity Framework, the Cybersecurity Maturity Model Certification (CMMC), and the CIS Controls, require you to establish and maintain secure baseline configurations for your systems. DISA STIGs give you a documented, checkable baseline to meet that requirement. They also cover log collection, disabling outdated protocols, and enforcing encryption, all of which map onto controls in those frameworks and support your compliance initiatives.
Need Help Deploying DISA STIGs?
Our cybersecurity team can secure your systems using DISA STIGs. If you would like to benefit from our experience and work with us, please send us a message at info[@]cubcyber.com.