The Defense Information Systems Agency has released the following out-of-cycle Security Technical Implementation Guide (STIG) and benchmark updates, which become effective immediately upon release:

Microsoft Defender Antivirus STIG – Ver 2, Rel 4
Microsoft Windows 10 STIG – Ver 2, Rel 4
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 3, Rel 4
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 3, Rel 4
Microsoft Windows 2012 Server Domain Name System (DNS) STIG – Ver 2, Rel 5
Microsoft Windows Privileged Access Workstation (PAW) STIG – Ver 2, Rel 2
Microsoft Windows Server 2016 STIG – Ver 2, Rel 4
Microsoft Windows Server 2019 STIG – Ver 2, Rel 4

Microsoft Defender Antivirus STIG Benchmark – Ver 2, Rel 3
Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 4
Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark – Ver 3, Rel 3
Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark – Ver 3, Rel 3
Microsoft Windows Server 2016 STIG Benchmark – Ver 2, Rel 2
Microsoft Windows Server 2019 STIG Benchmark – Ver 2, Rel 2

The Group Policy Objects file also reflects these STIG updates.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.