General Cyber Exchange Announcements

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

DISA releases the updated DOD Annex for MDFPP V 3.3

The Defense Information Systems Agency recently released the updated DOD Annex for Mobile Device Fundamental Protection Profile MDFPP V3.3, which becomes effective immediately.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the Annex from the DOD Cyber Exchange website at https://cyber.mil/stigs/niap/. The Annex is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/niap.

Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to Annex content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Mirantis Kubernetes Engine Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Mirantis Kubernetes Engine Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

STIG/SRG Updates for NIST SP 800-53 Rev 5 Set for July

DISA will be updating numerous STIGs and SRGs to bring them into compliance with changes from the fifth revision of NIST SP 800-53. The STIG team will complete this work for the July maintenance release. Therefore, any routine STIG/SRG maintenance will be held until the October release. All 24 SRGs and 100 STIGs will be included in the July updates.

DISA releases out-of-cycle update for the Virtual Private Network Security Requirements Guide and the Web Server Security Requirements Guide

The Defense Information Systems Agency has released an out-of-cycle update for the Virtual Private Network Security Requirements Guide (SRG) and the Web Server SRG, which become effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

Release of SCC 5.9

The SCC team is pleased to announce the release of SCC 5.9, which contains:

– Added support for SQL Server 2016 -> 2022
– Added new Hybrid test to allow more automation
– Created SCAP benchmarks for SQL Server
– Updated all internal dependencies
– Removed support for older OS’s

Available from Cyber Exchange in the next week or two at:

####################################################

FY24 Funding Update: We have funding that looks promising for the first 1/2 of FY24, but are still looking for other groups to join in as a supporting member. Please contact our team if you’d like to help out.

DISA releases the Enterprise Voice, Video, and Messaging Security Requirements Guide

The Defense Information Systems Agency recently approved the Enterprise Voice, Video, and Messaging (EVVM) Security Requirements Guide (SRG), which is effective immediately upon release.
Note: The EVVM SRG replaces the Voice, Video, and VoIP STIGs currently in sunset. The Voice, Video, and VoIP STIGs must not be used and will be retired and removed from Cyber Exchange.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

Request for comments - DISA releases draft Microsoft Office 365 ProPlus STIG SCAP benchmark snapshot for review

The Defense Information Systems Agency recently released the draft Microsoft Office 365 ProPlus Security Technical Implementation Guide (STIG) Security Content Automation Protocol (SCAP) benchmark snapshot for review.

The draft benchmark is a snapshot of SCAP content developed for the technology and does not include the full spectrum of content expected to be included in the final release of the benchmark.

The Microsoft Office 365 ProPlus SCAP Benchmark must be used with the SCAP Compliance Checker (SCC) application to avoid potential false negative results.

Customers who possess a Common Access Card that has valid Department of Defense certificates can submit comments and/or recommended changes to the draft benchmark snapshot by 03 May 2024 on the comment matrix spreadsheet, which is located with the benchmark at https://cyber.mil/stigs/downloads/.

The draft benchmark snapshot and comment matrix are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Please limit comments and recommendations in the comment matrix to those that address the benchmark. Questions regarding the manual STIG should be sent to dod.cyberexchange@mail.mil.

Please email comments to disa.stig_spt@mail.mil and include the title and version of the benchmark in the subject line.

Users who are unable to find and download these files or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil.

SCC Survey 2024

The SCAP Compliance Checker (SCC) development team is requesting your feedback as part of their annual customer satisfaction survey. The survey has been redesigned from previous years, and it’s now shorter and easier to complete, with more focus on what end users need going forward. This is your chance to help influence SCC requirements for FY25.

The survey is currently open and results will be analyzed at the end of April 2024. The SCC team requests your feedback be completed by April 15.

https://usnavy.gov1.qualtrics.com/jfe/form/SV_4ZpXv8JkUlDs4lw

DISA releases the Google Android 14 BYOAD Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Google Android 14 BYOAD Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Samsung Android 14 BYOAD Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Samsung Android 14 BYOAD Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases RHEL 9 STIG with Ansible

The Defense Information Systems Agency recently released the RHEL 9 Security Technical Implementation Guide (STIG) with Ansible. This content is published as a resource to assist in the application of security guidance to systems.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the file from the DOD Cyber Exchange website at https://cyber.mil/stigs/supplemental-automation-content/. The file is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/supplemental-automation-content/.

Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

PKI/PKE Announcements

Updated version of InstallRoot

InstallRoot version 5.6 is now available from the PKI/E Tools page. This release includes bug fixes and updates to InstallRoot embedded TAMP messages.