General Cyber Exchange Announcements
Supplemental Automation Content has been updated for July 2020
This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.
The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/
For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/
McAfee Home Use Solutions
McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements.
The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.
SRGs/STIGs Announcements
DISA releases the Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases the Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
Request for comments - DISA releases the draft Cloud Computing SRG V2 for review
The Defense Information Systems Agency recently released the draft Cloud Computing Security Requirements Guide (SRG) Version 2 for review.
Customers who possess a Common Access Card that has valid Department of Defense certificates can submit comments and/or recommended changes to the draft SRG by 25 September 2023 on the comment matrix spreadsheet, which is located with the SRG at https://cyber.mil/stigs/downloads/.
The draft SRG and comment matrix are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Please email comments to disa.stig_spt@mail.mil and include the title and version of the SRG in the subject line.
Users who are unable to find and download these files or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil.
Request for comments - DISA releases the draft Microsoft Windows Server 2022 DNS STIG for review
The Defense Information Systems Agency recently released the draft Microsoft Windows Server 2022 DNS Security Technical Implementation Guide (STIG) for review.
Customers who possess a Common Access Card that has valid Department of Defense certificates can submit comments and/or recommended changes to the draft STIG by 07 September on the comment matrix spreadsheet, which is located with the STIG at https://cyber.mil/stigs/downloads/.
The draft STIG and comment matrix are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.
Please email comments to disa.stig_spt@mail.mil and include the title and version of the STIG in the subject line.
Users who are unable to find and download these files or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil.
DISA releases Microsoft Windows 11 STIG with Chef
The Defense Information Systems Agency recently released the Microsoft Windows 11 Security Technical Implementation Guide (STIG) with Chef. This content is published as a resource to assist in the application of security guidance to systems.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the file from the DOD Cyber Exchange website at https://cyber.mil/stigs/supplemental-automation-content/. The file is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/supplemental-automation-content/.
Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases out-of-cycle Microsoft Office 365 ProPlus STIG update
The Defense Information Systems Agency recently approved the Microsoft Office 365 ProPlus Security Technical Implementation Guide (STIG), Version 2, Release 10, which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases STIG Viewer 3.1 and User Guide
The Defense Information Systems Agency recently released the Security Technical Implementation Guide (STIG) Viewer 3.1 and the STIG Viewer User Guide.
STIG Viewer 3 integrates the capabilities of two previous DISA tools: STIG Viewer 2 and the STIG-SRG Applicability Guide. The STIG Viewer 2.17 release will remain on Cyber Exchange for now, but the STIG-SRG Applicability Guide has been removed from Cyber Exchange because it has been fully incorporated into the new STIG Viewer 3 application.
Customers who possess a Common Access Card (CAC) that has valid Department of Defense certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.
Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases updates to the SRG/STIG Library Compilations
These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the compilation from the DoD Cyber Exchange website at https://cyber.mil/stigs/compilations/.
Users who are unable to find and download the SRG/STIG compilation can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases the TOSS 4 Security Technical Implementation Guide benchmark
The Defense Information Systems Agency recently approved the automated benchmark for the TOSS 4 Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the benchmark from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the benchmark or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
Group Policy Objects (GPOs) have been updated for July 2023.
Group Policy Objects (GPOs) have been updated for July 2023. Refer to the Change Log document included in the zip file for additional information.
The DISA Risk Management Executive posts the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD certificates, the GPOs are also available from https://public.cyber.mil/stigs/gpo/.
List of GPOs currently in the package:
Office Products
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office 2019-M365 Apps
Office System 2013
Office System 2016
OneDrive for Business 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016
Browsers
Edge
Google Chrome
Internet Explorer 11
Mozilla Firefox
Antivirus
Windows Defender AV
Adobe Acrobat
Adobe Acrobat Pro DC Continuous
Adobe Acrobat Reader DC Continuous
Operating Systems
Windows 10
Windows 11
Windows Firewall
Windows 2012 R2 DC
Windows 2012 R2 MS
Windows Server 2016 (MS and DC)
Windows Server 2019 (MS and DC)
Windows Server 2022
DISA publishes July 2023 Quarterly Maintenance Release
DISA has released the following updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks.
Unclassified Application STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
Apache Server 2.4 Unix STIG
Apache Tomcat Application Server 9 STIG – Ver 2, Rel 5
Application Security and Development STIG – Ver 5, Rel 3
Application Server SRG – Ver 3, Rel 4
Container Platform SRG – Ver 1, Rel 4
IBM DB2 V10.5 STIG – Ver 2, Rel 1
Kubernetes STIG – Ver 1, Rel 10
Microsoft Azure SQL Database STIG – Ver 1, Rel 2
Microsoft Edge STIG – Ver 1, Rel 7
Microsoft OneDrive STIG – Ver 2, Rel 3
MS SQL Server 2016 STIG
Mozilla Firefox STIG – Ver 6, Rel 5
Oracle Database 12c STIG – Ver 2, Rel 8
Oracle MySQL 8.0 STIG – Ver 1, Rel 4
Rancher Government Solutions Multi-Cluster Manager STIG – Ver 1, Rel 3
Rancher Government Solutions RKE2 STIG – Ver 1, Rel 3
Unclassified Mobility STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility
BlackBerry Enterprise Mobility Server (BEMS) 3.x STIG – Ver 1, Rel 2
Jamf Pro v10.x EMM STIG – Ver 2, Rel 1
VMware vSphere 6.5 STIG
VMware vSphere 6.7 STIG
Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
Cisco IOS Router STIG
Cisco IOS Switch STIG
Cisco IOS XE Router STIG
Cisco IOS XE Switch STIG
Cisco IOS XR Router STIG
Cisco NX OS Switch STIG
Domain Name System (DNS) SRG – Ver 3, Rel 1
Forescout STIG
Fortinet FortiGate Firewall STIG
HPE 3PAR StoreServ OS STIG
Juniper EX Series Switches STIG
Palo Alto Networks Prisma Cloud Compute STIG – Ver 1, Rel 3
Splunk Enterprise 7.x for Windows STIG – Ver 2, Rel 4
Splunk Enterprise 8.x for Linux STIG – Ver 1, Rel 4
VMware NSX-T Data Center STIG
Unclassified Operating System STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
Apple macOS 12 (Monterey) STIG – Ver 1, Rel 7
Canonical Ubuntu 20.04 LTS STIG – Ver 1, Rel 9
General Purpose Operating System SRG – Ver 2, Rel 6
IBM AIX 7.x STIG – Ver 2, Rel 8
IBM zOS STIG
Oracle Linux 7 STIG – Ver 2, Rel 12
Oracle Linux 8 STIG – Ver 1, Rel 7
Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 12
Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 11
Solaris 11 SPARC STIG – Ver 2, Rel 8
Solaris 11 X86 STIG – Ver 2, Rel 8
SUSE Linux Enterprise Server 12 STIG – Ver 2, Rel 11
VMware vSphere 7.0 STIG
z/OS ACF2 Products – Ver 6, Rel 58
z/OS RACF Products – Ver 6, Rel 58
z/OS TSS Products – Ver 6, Rel 58
z/OS SRR Scripts – Ver 6, Rel 58
Sunset:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
Esri ArcGIS for Server 10.3 STIG – Ver 2, Rel 1
Samsung Android OS 10 with Knox 3.x STIG – Ver 2, Rel 1
Uncategorized STIGs:
https://cyber.mil/stigs/downloads/
Traditional Security Checklist – Ver 2, Rel 4
Supplemental Automation Content:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content
Canonical Ubuntu 20.04 LTS STIG for Ansible – Ver 1, Rel 9
Oracle Linux 8 STIG for Ansible – Ver 1, Rel 7
Red Hat Enterprise Linux 7 STIG for Ansible – Ver 3, Rel 12
Red Hat Enterprise Linux 8 STIG for Ansible – Ver 1, Rel 11
Red Hat Enterprise Linux 8 STIG for Chef – Ver 1, Rel 11
Benchmarks:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap
Canonical Ubuntu 20.04 LTS STIG Benchmark – Ver 1, Rel 7
Kubernetes STIG Benchmark – Ver 1, Rel 2
Oracle Linux 7 STIG Benchmark – Ver 2, Rel 12
Oracle Linux 8 STIG Benchmark – Ver 1, Rel 6
Red Hat Enterprise Linux 7 STIG Benchmark – Ver 3, Rel 12
Red Hat Enterprise Linux 8 STIG Benchmark – Ver 1, Rel 10
SUSE Linux Enterprise Server 12 STIG Benchmark – Ver 2, Rel 10
DISA releases the BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
PKI/PKE Announcements
New DoD PKI CAs Released
The latest DoD PKI CA Certificates Bundle (PKCS#7) v5.12 has been updated to include DoD ID/Email CAs 70-73 and DoD SW CAs 74-77. These new CAs should begin production issuance in the second half of 2023.
New WCF CAs released
The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.14.