General Cyber Exchange Announcements

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

DISA releases the Tanium 7.x on TanOS Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Tanium 7.x on TanOS Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Microsoft Azure SQL Database Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Microsoft Azure SQL Database Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Microsoft Windows 11 Security Technical Implementation Guide benchmark

The Defense Information Systems Agency recently approved the automated benchmark for the Microsoft Windows 11 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the benchmark from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the benchmark or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Microsoft Android 11 Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Microsoft Android 11 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases out-of-cycle STIG and SCAP updates

The Defense Information Systems Agency has approved the following out-of-cycle Security Technical Implementation Guide (STIG) and Security Content Automation Protocol (SCAP) benchmark updates, which become effective immediately upon release:

Active Directory Domain – Ver 3, Rel 2
Microsoft Windows 10 STIG – Ver 2, Rel 5
Microsoft Windows 11 STIG – Ver 1, Rel 2
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 3, Rel 5
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 3, Rel 5
Microsoft Windows Server 2016 STIG – Ver 2, Rel 5
Microsoft Windows Server 2019 STIG – Ver 2, Rel 5

Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 6
Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark – Ver 3, Rel 4
Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark – Ver 3, Rel 4
Microsoft Windows Server 2016 STIG Benchmark – Ver 2, Rel 3
Microsoft Windows Server 2019 STIG Benchmark – Ver 2, Rel 3

The Group Policy Objects file was updated previously (refer to October 31 posting) to reflect these STIG updates.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

STIG Update - DISA issues latest beta version of STIG Applicability Guide

DISA has issued a prerelease of the next version of the STIG Applicability Guide for Linux and Windows. Please submit any comments on this beta version to disa.stig_spt@mail.mil.

The purpose of this tool is to help the SRG/STIG user community determine what SRGs and/or STIGs apply to a particular situation or information system and create a fully formatted document containing a “collection” of applicable SRGs and STIGs.

The SRG/STIG Applicability Guide is updated periodically to address the most recent SRG/STIG releases and sunset products.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DoD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/srg-stig-tools/ under the “SRG-STIG Applicability Guide (BETA)” section. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/srg-stig-tools/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases out-of-cycle IBM z/OS STIG and Products updates

The Defense Information Systems Agency has released the following out-of-cycle Security Technical Implementation Guide (STIG) updates, which become effective immediately upon release:

IBM z/OS STIG

zOS ACF2 Products STIG – Ver 6, Rel 55

zOS RACF Products STIG – Ver 6, Rel 55

zOS TSS Products STIG – Ver 6, Rel 55

The updates were made to correct non-ASCII characters in the STIGs. Please note that some RuleIDs in the STIGs are updated due to changes within DISA’s content management system. Despite the RuleID change, content did not change unless specified in the Revision History file.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the HPE 3PAR StoreServ OS Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the HPE 3PAR StoreServ OS Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Samsung Android OS 13 with Knox 3.x Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Samsung Android OS 13 with Knox 3.x Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

SCC Survey 2022

The Naval Information Warfare Center Atlantic has a 2022 survey for SCAP Compliance Checker to assess the performance of the application and to gauge the user’s satisfaction with the application. Please take a few minutes to provide us with your feedback.

DISA releases the Google Android 13 Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Google Android 13 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

Request for comments - DISA releases the draft Cloud Computing Mission Owner SRG for review

The Defense Information Systems Agency recently released the draft Cloud Computing Mission Owner Security Requirements Guide (SRG) for review.

Customers who possess a Common Access Card that has valid Department of Defense certificates can submit comments and/or recommended changes to the draft SRG by 07 December 2022 on the comment matrix spreadsheet, which is located with the SRG at https://cyber.mil/stigs/downloads/.

The draft SRG and comment matrix are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Please email comments to disa.stig_spt@mail.mil and include the title and version of the SRG in the subject line.

Users who are unable to find and download these files or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil.

PKI/PKE Announcements

New WCF CAs released - Certificate Bundle v5.13

The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.13.