The Defense Information Systems Agency has approved the following out-of-cycle Security Technical Implementation Guide (STIG) and Security Content Automation Protocol (SCAP) benchmark updates, which become effective immediately upon release:

Active Directory Domain – Ver 3, Rel 2
Microsoft Windows 10 STIG – Ver 2, Rel 5
Microsoft Windows 11 STIG – Ver 1, Rel 2
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 3, Rel 5
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 3, Rel 5
Microsoft Windows Server 2016 STIG – Ver 2, Rel 5
Microsoft Windows Server 2019 STIG – Ver 2, Rel 5

Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 6
Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark – Ver 3, Rel 4
Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark – Ver 3, Rel 4
Microsoft Windows Server 2016 STIG Benchmark – Ver 2, Rel 3
Microsoft Windows Server 2019 STIG Benchmark – Ver 2, Rel 3

The Group Policy Objects file was updated previously (refer to October 31 posting) to reflect these STIG updates.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.