General Cyber Exchange Announcements

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

DISA releases the Red Hat Enterprise Linux (RHEL) 9 Security Technical Implementation Guide benchmark

The Defense Information Systems Agency recently approved the automated benchmark for the Red Hat Enterprise Linux (RHEL) 9 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the benchmark from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the benchmark or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Apple iOS/iPadOS 17 BYOAD Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Apple iOS/iPadOS 17 BYOAD Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the IBM zSecure Suite Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the IBM zSecure Suite Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases out-of-cycle F5 BIG-IP STIG update

The Defense Information Systems Agency has released an out-of-cycle update for the F5 BIG-IP Security Technical Implementation Guide (STIG), which becomes effective immediately upon release.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases updates to the SRG/STIG Library Compilations.

These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.

Customers can obtain the compilation from the DoD Cyber Exchange website at https://public.cyber.mil/stigs/compilations/.

Users who are unable to find and download the SRG/STIG compilation can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Microsoft Windows Server DNS Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

GPO Update

Group Policy Objects (GPOs) have been updated for January 2024. See the Change Log document included in the zip file for additional information.

The DISA Risk Management Executive posted the GPOs for use by system administrators to ease the burden of securing systems within their environment.

The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab located at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD certificates, the GPOs are also available from https://public.cyber.mil/stigs/gpo/.

List of GPOs currently in the package:

Office Products:
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office 2019-M365 Apps
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers:
Edge
Google Chrome
Internet Explorer 11
Mozilla Firefox

Antivirus:
Windows Defender AV

Adobe Acrobat:
Adobe Acrobat Pro DC Continuous
Adobe Acrobat Reader DC Continuous

Operating Systems:
Windows 10
Windows 11
Windows Firewall
Windows 2012 R2 DC
Windows 2012 R2 MS
Windows Server 2016 (MS and DC)
Windows Server 2019 (MS and DC)
Windows Server 2022

STIG Update

DISA recently released the following updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks:

Unclassified Application STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security

Apache Server 2.4 Unix STIG
Apache Tomcat Application Server 9 STIG – Ver 2, Rel 7
Container Platform SRG – Ver 1, Rel 5
Crunchy Data PostgreSQL STIG – Ver 2, Rel 2
Database SRG – Ver 3, Rel 4
EDB Postgres Advanced Server v11 for Windows STIG – Ver 2, Rel 3
Google Chrome STIG – Ver 2, Rel 9
MariaDB Enterprise 10.x STIG – Ver 1, Rel 3
MarkLogic Server v9 STIG – Ver 2, Rel 2
Microsoft .Net Framework 4.0 STIG – Ver 2, Rel 3
Microsoft Exchange 2016 STIG
Microsoft Internet Explorer 11 STIG – Ver 2, Rel 5
MongoDB Enterprise Advanced 3.x STIG – Ver 2, Rel 2
MongoDB Enterprise Advanced 4.x STIG – Ver 1, Rel 3
MS SQL Server 2016 STIG
Oracle Database 11.2g STIG – Ver 2, Rel 4
Oracle Database 12c STIG – Ver 2, Rel 9
Oracle MySQL 8.0 STIG – Ver 1, Rel 5
PostgreSQL 9.x STIG – Ver 2, Rel 4
Rancher Government Solutions RKE2 STIG – Ver 1, Rel 4
Redis Enterprise 6.x STIG – Ver 1, Rel 3

Unclassified Mobility STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility

Apple iOS/iPadOS 16 STIG – Ver 1, Rel 3
BlackBerry CylancePROTECT Mobile for UEM STIG – Ver 1, Rel 2

Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless

Cisco IOS Router STIG
Cisco IOS Switch STIG
Cisco IOS XE Router STIG
Cisco IOS XE Switch STIG
Cisco IOS XR Router STIG
Cisco ISE STIG
Cisco NX OS Switch STIG
HPE 3PAR StoreServ OS STIG
HPE Nimble Storage Array STIG – Ver 1, Rel 2
Juniper EX Series Switches STIG
Palo Alto Networks STIG

Unclassified Operating System STIGs and Overviews:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems

Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 13
Canonical Ubuntu 20.04 LTS STIG – Ver 1, Rel 11
General Purpose Operating System SRG – Ver 2, Rel 7
IBM zOS STIG
Oracle Linux 7 STIG – Ver 2, Rel 14
Oracle Linux 8 STIG – Ver 1, Rel 9
Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 14
Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 13
Red Hat Enterprise Linux 9 STIG – Ver 1, Rel 2
Solaris 11 SPARC STIG – Ver 2, Rel 9
Solaris 11 X86 STIG – Ver 2, Rel 9
SUSE Linux Enterprise Server 12 STIG – Ver 2, Rel 13
SUSE Linux Enterprise Server 15 STIG – Ver 1, Rel 12
Tri-Lab Operating System Stack (TOSS) 4 STIG – Ver 1, Rel 3
VMware vSphere 7.0 STIG

Unclassified Uncategorized STIGs:
https://cyber.mil/stigs/downloads

Traditional Security Checklist – Ver 2, Rel 5

Supplemental Automation Content:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content

Canonical Ubuntu 18.04 LTS STIG for Ansible – Ver 2, Rel 13
Canonical Ubuntu 20.04 LTS STIG for Ansible – Ver 1, Rel 11
Oracle Linux 8 STIG for Ansible – Ver 1, Rel 9
Red Hat Enterprise Linux 7 STIG for Ansible – Ver 3, Rel 14
Red Hat Enterprise Linux 8 STIG for Ansible – Ver 1, Rel 13
Red Hat Enterprise Linux 8 STIG for Chef – Ver 1, Rel 13
SUSE Linux Enterprise Server 15 for Ansible – Ver 1, Rel 13

Sunset:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset

Sunset – EDB Postgres Advanced Server v9.6 STIG – Ver 2, Rel 3
Sunset – Honeywell Android 9.x STIG
Sunset – Trend Micro Deep Security 9.x STIG – Ver 1, Rel 2

Benchmarks:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap

Canonical Ubuntu 18.04 LTS STIG Benchmark – Ver 2, Rel 11
Canonical Ubuntu 20.04 LTS STIG Benchmark – Ver 1, Rel 9
Google Chrome STIG Benchmark – Ver 2, Rel 9
Microsoft Defender Antivirus STIG Benchmark – Ver 2, Rel 5
Microsoft Internet Explorer 11 STIG Benchmark – Ver 2, Rel 6
Oracle Linux 7 STIG Benchmark – Ver 2, Rel 14
Oracle Linux 8 STIG Benchmark – Ver 1, Rel 8
Red Hat Enterprise Linux 7 STIG Benchmark – Ver 3, Rel 14
Red Hat Enterprise Linux 8 STIG Benchmark – Ver 1, Rel 12
SUSE Linux Enterprise Server 12 STIG Benchmark – Ver 2, Rel 11
SUSE Linux Enterprise Server 15 STIG Benchmark – Ver 1, Rel 6
TOSS 4 STIG Benchmark – Ver 1, Rel 3

Unclassified HBSS STIGs:

Trellix Application Control 8.x STIG – Ver 2, Rel 2

DISA releases the Apple macOS 14 Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Apple macOS 14 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Microsoft Exchange 2019 Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the Microsoft Exchange 2019 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide

The Defense Information Systems Agency recently approved the EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

PKI/PKE Announcements

Updated version of InstallRoot

This release includes bug fixes and updates to InstallRoot embedded TAMP messages.