General Cyber Exchange Announcements

New DoD PKI CAs released

The latest DoD PKI CA Certificates Bundle (PKCS#7) v5.11 has been updated to include DoD Root CA 6. The bundle also adds certificates for DoD ID and Email CA 71 and DoD SW CA 75. Several expired CAs were removed from the bundle.

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

DISA releases the VMware vSphere 7.0 Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the VMware vSphere 7.0 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

The SCC Development Team is pleased to announce the release of SCC 5.7.1.

The binaries will be available at:

https://public.cyber.mil/stigs/scap/ in the SCAP Tools section.
https://cyber.mil/stigs/scap/ in the SCAP Tools section.
https://cyber.smil.mil/stigs/scap/ in the SCAP Tools section.

Primary changes from 5.7 to 5.7.1:

For All Platforms
• Fixed data interoperability issue with SCC’s CKL file and eMASS
• Disabled the creation of XCCDF Results for Manual Question rules if the Manual Question processing option is disabled
• Updated upgrade feature on Windows to upgrade any Manual Question results from a previous installation
• Improved functionality of Manual Question GUI, adding searching and sorting
• Minor improvements to Manual Question autoanswer text file templates

Windows
• Fixed issue running on Windows when no network cards have IP Addresses
• Fixed issue with WMI remote scanning of a computer with IPv6

Linux
• Fixed issue running GUI at 1024 x 768 resolution

macOS
• Fixed minor issues with incorrectly identifying NIST content as containing manual checks.

If you would like to download SCC 5.7.1 right now, you can obtain it from DOD SAFE:
TBD

SCC 5.7.1 will be available for download from DISA in the near future, depending on DISA’s release schedule/process at:

What’s next for SCC

• Increased automation by adding more automated checks to existing DISA benchmarks, and publishing them on NIWC’s “Enhanced” SCAP content repository

DISA releases the AvePoint Compliance Guardian Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the AvePoint Compliance Guardian Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Arista Multi-Layer Switch (MLS) Extensible Operating System (EOS) 4.2x Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Arista Multi-Layer Switch (MLS) Extensible Operating System (EOS) 4.2x Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Riverbed NetProfiler Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Riverbed NetProfiler Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases Microsoft Windows Server 2022 STIG with Ansible

The Defense Information Systems Agency recently released the Microsoft Windows Server 2022 Security Technical Implementation Guide (STIG) with Ansible. This content is published as a resource to assist in the application of security guidance to systems.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the file from the DOD Cyber Exchange website at https://cyber.mil/stigs/supplemental-automation-content/. The file is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/supplemental-automation-content/.

Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases Microsoft Windows Server 2022 STIG with Chef

The Defense Information Systems Agency recently released the Microsoft Windows Server 2022 Security Technical Implementation Guide (STIG) with Chef. This content is published as a resource to assist in the application of security guidance to systems.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the file from the DOD Cyber Exchange website at https://cyber.mil/stigs/supplemental-automation-content/. The file is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/supplemental-automation-content/.

Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

GPO Update

Group Policy Objects (GPOs) have been updated for January 2023. See the Change Log document included in the zip file for additional information.

The DISA Risk Management Executive posted the GPOs for use by system administrators to ease the burden of securing systems within their environment.

The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab located at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD certificates, the GPOs are also available from https://public.cyber.mil/stigs/gpo/.

List of GPOs currently in the package:

Office Products

  • Access 2013
  • Access 2016
  • Excel 2013
  • Excel 2016
  • InfoPath 2013
  • Lync 2013
  • Office System 2013
  • Office System 2016
  • Office 2019-M365 Apps
  • OneDrive for Business 2016
  • Outlook 2013
  • Outlook 2016
  • PowerPoint 2013
  • PowerPoint 2016
  • Project 2013
  • Project 2016
  • Publisher 2013
  • Publisher 2016
  • Skype for Business 2016
  • Visio 2013
  • Visio 2016
  • Word 2013
  • Word 2016

Browsers

  • MS Edge
  • Google Chrome
  • MS Internet Explorer 11

Antivirus

  • Windows Defender AV

Adobe Acrobat

  • Adobe Acrobat Pro DC Continuous
  • Adobe Acrobat Reader DC Continuous

Operating Systems

  • Windows 10
  • Windows 11
  • Windows Firewall
  • Windows Server 2012 R2 (MS and DC)
  • Windows Server 2016 (MS and DC)
  • Windows Server 2019 (MS and DC)
  • Windows Server 2022 (MS and DC)

STIG Update

DISA recently released the following updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks:

Unclassified Application STIGs:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security

  • Apache Server 2.4 UNIX STIG
  • Apache Server 2.4 Windows STIG
  • Google Chrome STIG – Ver 2, Rel 8
  • Kubernetes STIG – Ver 1, Rel 8
  • Microsoft IIS 8.5 STIG
  • Microsoft IIS 10.0 STIG
  • Microsoft Office 365 ProPlus STIG – Ver 2, Rel 8
  • Oracle Database 12c STIG – Ver 2, Rel 6
  • Oracle HTTP Server 12.1.3 STIG – Ver 2, Rel 2

Unclassified Mobility STIGs and SRGs: 

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility

  • Samsung Android 13 with Knox 3.x STIG

Unclassified Network STIGs and SRGs: 

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless

  • Cisco ASA STIG
  • Cisco IOS Router STIG
  • Cisco IOS-XE Router STIG
  • NetApp ONTAP DSC 9.x STIG – Ver 1, Rel 3
  • Network Infrastructure Policy STIG – Ver 10, Rel 4
  • Layer 2 Switch SRG – Ver 1, Rel 2

Unclassified Operating System STIGs and Overviews: 

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems

  • Apple macOS 11 (Big Sur) STIG – Ver 1, Rel 7
  • Apple macOS 12 (Monterey) STIG – Ver 1, Rel 5
  • Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 9
  • Canonical Ubuntu 20.04 LTS STIG – Ver 1, Rel 6
  • General Purpose Operating System SRG – Ver 2, Rel 5
  • IBM z/OS STIG
  • Oracle Linux 7 STIG – Ver 2, Rel 10
  • Oracle Linux 8 STIG – Ver 1, Rel 5
  • Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 10
  • Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 9
  • Solaris 11 SPARC STIG – Ver 2, Rel 7
  • Solaris 11 x86 STIG – Ver 2, Rel 7
  • SUSE Linux Enterprise Server 12 STIG – Ver 2, Rel 9
  • SUSE Linux Enterprise Server 15 STIG – Ver 1, Rel 9

Supplemental Automation Content:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content

  • Canonical Ubuntu 18.04 LTS STIG for Ansible – Ver 2, Rel 10
  • Canonical Ubuntu 20.04 LTS STIG for Ansible – Ver 1, Rel 7
  • Oracle Linux 8 STIG for Ansible – Ver 1, Rel 5
  • Red Hat Enterprise Linux 7 STIG for Ansible – Ver 3, Rel 10
  • Red Hat Enterprise Linux 8 STIG for Chef – Ver 1, Rel 9
  • Red Hat Enterprise Linux 8 STIG for Ansible – Ver 1, Rel 9
  • SUSE Linux Enterprise Server (SLES) 15 STIG for Ansible – Ver 1, Rel 9

Sunset:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset

  • Apple OS X 10.15 STIG – Ver 1, Rel 10
  • Google Android 10 STIG
  • Google Android 11 STIG
  • Oracle Linux 6 STIG – Ver 2, Rel 7
  • Solaris 10 SPARC STIG – Ver 2, Rel 4
  • Solaris 10 x86 STIG – Ver 2, Rel 4

Benchmarks:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=scap

  • Canonical Ubuntu 18.04 LTS STIG Benchmark – Ver 2, Rel 8
  • Canonical Ubuntu 20.04 LTS STIG Benchmark – Ver 1, Rel 5
  • Cisco IOS-XE Router NDM STIG Benchmark – Ver 1, Rel 6
  • Google Chrome STIG Benchmark – Ver 2, Rel 8
  • Microsoft .NET Framework 4 STIG Benchmark – Ver 2, Rel 2
  • Microsoft Internet Explorer 11 STIG Benchmark – Ver 2, Rel 4
  • Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 7
  • Oracle Linux 7 STIG Benchmark – Ver 2, Rel 10
  • Oracle Linux 8 STIG Benchmark – Ver 1, Rel 4
  • Red Hat Enterprise Linux 7 STIG Benchmark – Ver 3, Rel 10
  • Red Hat Enterprise Linux 8 STIG Benchmark – Ver 1, Rel 8
  • Sunset – Solaris 10 SPARC STIG Benchmark – Ver 2, Rel 4
  • Sunset – Solaris 10 x86 STIG Benchmark – Ver 2, Rel 4
  • SUSE Linux Enterprise Server 12 STIG Benchmark – Ver 2, Rel 8
  • SUSE Linux Enterprise Server 15 STIG Benchmark – Ver 1, Rel 3

DISA releases the TOSS 4 Security Technical Implementation Guide

The Defense Information Systems Agency recently released the TOSS 4 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

The STIG is now available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Microsoft Windows Server 2022 Security Technical Implementation Guide benchmark

The Defense Information Systems Agency recently approved the automated benchmark for the Microsoft Windows Server 2022 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the benchmark from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the benchmark or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

PKI/PKE Announcements

New DoD PKI CAs released

The latest DoD PKI CA Certificates Bundle (PKCS#7) v5.11 has been updated to include DoD Root CA 6. The bundle also adds certificates for DoD ID and Email CA 71 and DoD SW CA 75. Several expired CAs were removed from the bundle.