General Cyber Exchange Announcements

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

STIG Update: DISA releases the AvePoint DocAve 6 Security Technical Implementation Guide

The Defense Information Systems Agency recently released the AvePoint DocAve 6 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

GPO Update

Group Policy Objects (GPOs) have been updated for July 2022. See the Change Log document included in the zip file for additional information.

The DISA Risk Management Executive posted the GPOs for use by system administrators to ease the burden of securing systems within their environment.

The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab located at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD certificates, the GPOs are also available from https://public.cyber.mil/stigs/gpo/.

List of GPOs currently in the package:

Office Products

Access 2013

Access 2016

Excel 2013

Excel 2016

InfoPath 2013

Lync 2013

Office 365 ProPlus

Office System 2013

Office System 2016

OneDrive for Business 2016

OneNote 2013

OneNote 2016

Outlook 2013

Outlook 2016

PowerPoint 2013

PowerPoint 2016

Project 2013

Project 2016

Publisher 2013

Publisher 2016

SharePoint 2010

SharePoint Designer 2013

Skype for Business 2016

Visio 2013

Visio 2016

Word 2013

Word 2016

Browsers

Edge

Google Chrome

Internet Explorer 11

Antivirus

Windows Defender AV

Adobe Acrobat

Adobe Acrobat Pro DC Continuous

Adobe Acrobat Reader DC Continuous

Operating Systems

Windows 10

Windows Firewall

Windows 2012 R2 DC

Windows 2012 R2 MS

Windows Server 2016 (MS and DC)

Windows Server 2019 (MS and DC)

DISA has released updates to the SRG/STIG Library Compilations

These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.

STIG Update: DISA releases the Microsoft Windows 11 Security Technical Implementation Guide

The Defense Information Systems Agency recently released the Microsoft Windows 11 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA has released the following updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks:

Unclassified Application STIGs and SRGs: 

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security

Crunchy Data PostgreSQL STIG – Ver 2, Rel 1

Database SRG – Ver 3, Rel 3

EDB Postgres Advanced Server v11 for Windows STIG – Ver 2, Rel 2

EDB Postgres Advanced Server STIG – Ver 2, Rel 2

Kubernetes STIG – Ver 1, Rel 6

Mozilla Firefox STIG – Ver 6, Rel 3

Microsoft Edge STIG – Ver 1, Rel 5

Microsoft Exchange 2016 STIG

Microsoft Internet Explorer 11 STIG – Ver 2, Rel 2

Microsoft IIS 10.0 STIG

Microsoft IIS 8.5 STIG

Microsoft Office 365 ProPlus STIG – Ver 2, Rel 6

Oracle Database 12c STIG – Ver 2, Rel 5

PostgreSQL 9.x STIG – Ver 2, Rel 3

Unclassified Mobility STIGs and SRGs:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility

Apple iOS/iPadOS 15 STIG – Ver 1, Rel 3

Samsung Android 12 with Knox 3.x STIG

Samsung SDS EMM STIG – Ver 1, Rel 3

Unclassified Network STIGs and SRGs: 

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless

Cisco IOS Router STIG

Cisco IOS Switch STIG

Cisco IOS XE Router STIG

Cisco IOS XE Switch STIG

Fortinet FortiGate Firewall STIG

Juniper Router STIG

NetApp ONTAP DSC 9.X STIG – Ver 1, Rel 2

Network Infrastructure Policy STIG – Ver 10, Rel 3

Splunk Enterprise 8.x For Linux STIG – Ver 1, Rel 3

Trend Micro TippingPoint STIG

Unclassified Operating System STIGs and SRGs: 

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems

General Purpose Operating System SRG – Ver 2, Rel 4

Apple macOS 12 (Monterey) STIG – Ver 1, Rel 3

Apple OS X 10.15 STIG – Ver 1, Rel 9

Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 8

Canonical Ubuntu 20.04 LTS STIG – Ver 1, Rel 5

IBM AIX 7.x STIG – Ver 2, Rel 6

IBM z/OS STIG

Oracle Linux 7 STIG – Ver 2, Rel 8

Oracle Linux 8 STIG – Ver 1, Rel 3

Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 8

Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 7

SUSE Linux Enterprise Server 12 STIG – Ver 2, Rel 7

SUSE Linux Enterprise Server 15 STIG – Ver 1, Rel 7

VMware vSphere 6.7 STIG

zOS ACF2 Products – Ver 6, Rel 54

zOS RACF Products – Ver 6, Rel 54

zOS TSS Products – Ver 6, Rel 54

Supplemental Automation Content:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content

Canonical Ubuntu 18.04 LTS STIG for Ansible – Ver 2, Rel 8

Canonical Ubuntu 20.04 LTS STIG for Ansible – Ver 1, Rel 5

Red Hat Enterprise Linux 7 STIG for Ansible – Ver 3, Rel 8

Red Hat Enterprise Linux 7 STIG for Chef – Ver 3, Rel 8

Red Hat Enterprise Linux 8 STIG for Ansible – Ver 1, Rel 7

Sunset:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset

Sunset – Samsung Android OS9 Knox 3.x STIG

Sunset – Video Services Policy STIG – Ver 1, Rel 12

Sunset – Voice Video Endpoint SRG – Ver 2, Rel 2

Sunset – Voice Video Services Policy Security STIG – Ver 3, Rel 18

Sunset – Voice Video Session Management SRG – Ver 2, Rel 2

Sunset – Voice/Video over Internet Protocol (VVoIP) STIG – Ver 3, Rel 15

Benchmarks:

https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap

https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=scap

Canonical Ubuntu 18.04 LTS STIG Benchmark – Ver 2, Rel 7

Canonical Ubuntu 20.04 LTS STIG Benchmark – Ver 1, Rel 3

Cisco IOS-XE Router NDM STIG Benchmark – Ver 1, Rel 4

Mozilla Firefox for Linux STIG Benchmark – Ver 6, Rel 2

Mozilla Firefox for Windows STIG Benchmark – Ver 6, Rel 2

Microsoft Internet Explorer 11 STIG Benchmark – Ver 2, Rel 2

Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 5

Oracle Linux 7 STIG Benchmark – Ver 2, Rel 8

Oracle Linux 8 STIG Benchmark – Ver 1, Rel 2

Red Hat Enterprise Linux 7 STIG Benchmark – Ver 3, Rel 8

Red Hat Enterprise Linux 8 STIG Benchmark – Ver 1, Rel 6

SUSE Linux Enterprise Server 12 STIG Benchmark – Ver 2, Rel 7

SUSE Linux Enterprise Server 15 STIG Benchmark – Ver 1, Rel 2

DISA releases SUSE Linux Enterprise Server 15 STIG with Ansible

The Defense Information Systems Agency recently released the SUSE Linux Enterprise Server 15 Security Technical Implementation Guide (STIG) with Ansible. This content is published as a resource to assist in the application of security guidance to systems.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the file from the DOD Cyber Exchange website at https://cyber.mil/stigs/supplemental-automation-content/. The file is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/supplemental-automation-content/.

Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

The Defense Information Systems Agency has issued a pre-release version of the STIG Applicability Guide for Linux and Windows

Program managers are requesting feedback about this beta version, which can be submitted to disa.stig_spt@mail.mil.

The purpose of this tool is to help the SRG/STIG user community determine what SRGs and/or STIGs apply to a particular situation or information system and generate a fully formatted document containing a collection of applicable SRGs and STIGs.

The SRG/STIG Applicability Guide is updated periodically to address the most recent SRG/STIG releases and sunset products.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DoD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/srg-stig-tools under the “SRG-STIG Applicability Guide (BETA)” section. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/srg-stig-tools.

Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Mozilla Firefox V6R1 Security Technical Implementation Guide benchmarks

The Defense Information Systems Agency recently released the automated benchmarks for the Mozilla Firefox Security Technical Implementation Guide (STIG) for Linux and Windows. These are effective immediately upon release.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the benchmarks from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The benchmarks are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the benchmarks or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

Release of SCC 5.5

The SCC Development Team is pleased to announce the release of SCC 5.5. The binaries will be available at:

https://public.cyber.mil/stigs/scap/ in the SCAP Tools section.
https://cyber.mil/stigs/scap/ in the SCAP Tools section.
https://cyber.smil.mil/stigs/scap/ in the SCAP Tools section.

Primary changes from 5.4.2 to 5.5:

For All Platforms
• Updated DISA STIG SCAP content
• Added option to allow automatically whitelisting SCC for scanning STIG compliant RHEL8 via SSH
• Added command line --ssh to start SSH based UNIX/Cisco scans (although GUI is still required for host/credential management)
• Improved command line parameters to have human readable aliases
• Improved support for OCIL questionnaires in preparation for future usage
• Improved support for XCCDF Tailoring, as the replacement for Deviations and the Unlocker
• Numerous internal changes in preparation for SCAP 1.3 independent validation

For Windows
• Added ability to run SCC as a non-administrator to perform SSH UNIX and Cisco based scans

For all UNIX
• Updated installations to be smaller in size and have quicker startup times

For Linux
• Added support for arm64 based Debian/Ubuntu
• Added support for aarch64 based RHEL/Oracle Linux

For Mac OS X
• Updated NIST developed SCAP content for Mac OS X 10.15, 11, 12

DISA releases revised Microsoft Windows STIGs

The Defense Information Systems Agency has released the following out-of-cycle Security Technical Implementation Guide (STIG) and benchmark updates, which become effective immediately upon release:

Microsoft Defender Antivirus STIG – Ver 2, Rel 4
Microsoft Windows 10 STIG – Ver 2, Rel 4
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 3, Rel 4
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 3, Rel 4
Microsoft Windows 2012 Server Domain Name System (DNS) STIG – Ver 2, Rel 5
Microsoft Windows Privileged Access Workstation (PAW) STIG – Ver 2, Rel 2
Microsoft Windows Server 2016 STIG – Ver 2, Rel 4
Microsoft Windows Server 2019 STIG – Ver 2, Rel 4

Microsoft Defender Antivirus STIG Benchmark – Ver 2, Rel 3
Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 4
Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark – Ver 3, Rel 3
Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark – Ver 3, Rel 3
Microsoft Windows Server 2016 STIG Benchmark – Ver 2, Rel 2
Microsoft Windows Server 2019 STIG Benchmark – Ver 2, Rel 2

The Group Policy Objects file also reflects these STIG updates.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

DISA releases the Oracle Linux 8 STIG SCAP benchmark

The Defense Information Systems Agency recently released the automated Security Content Automation Protocol (SCAP) benchmark for the Oracle Linux 8 Security Technical Implementation Guide (STIG), which is effective immediately upon release.

Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the benchmark from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

Users who are unable to find and download the benchmark or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.

PKI/PKE Announcements

New WCF CAs released - Certificate Bundle v5.13

The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.13.