General Cyber Exchange Announcements
Supplemental Automation Content has been updated for July 2020
This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.
The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/
For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/
McAfee Home Use Solutions
McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60-days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements. Click here to learn more about McAfee’s corporate Work from Home program.
The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.
SRGs/STIGs Announcements
DISA releases the CA IDMS Security Technical Implementation Guide
The Defense Information Systems Agency recently released the CA IDMS Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers that possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases revised Microsoft Windows STIGs
The Defense Information Systems Agency has released the following out-of-cycle Security Technical Implementation Guide (STIG) and benchmark updates, which become effective immediately upon release:
Active Directory Domain STIG – Ver 3, Rel 1
Microsoft OneDrive STIG – Ver 2, Rel 2
Microsoft Windows 10 STIG – Ver 2, Rel 3
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 3, Rel 3
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 3, Rel 3
Microsoft Windows 2012 Server Domain Name Server (DNS) STIG – Ver 2, Rel 4
Microsoft Windows Defender Antivirus STIG – Ver 2, Rel 3
Microsoft Windows Firewall STIG – Ver 2, Rel 1
Microsoft Windows Privileged Access Workstation (PAW) STIG – Ver 2, Rel 1
Microsoft Windows Server 2016 STIG – Ver 2, Rel 3
Microsoft Windows Server 2019 STIG – Ver 2, Rel 3
Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 3
Microsoft Windows Defender Antivirus STIG Benchmark – Ver 2, Rel 2
Microsoft Windows Firewall STIG Benchmark – Ver 2, Rel 1
Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark – Ver 3, Rel 2
Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark – Ver 3, Rel 2
The General Purpose Operating System Security Requirements Guide (SRG), Ver 2, Rel 2, is also being released in this out-of-cycle update.
Customers who possess a Common Access Card (CAC) that has valid Department of Defense (DOD) certificates can obtain the files from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The files are also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.
Users who are unable to find and download the files can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
Request for Comments - DISA Has Released the Draft SLES 15 STIG SCAP Benchmark for Review
DISA has released the Draft SLES 15 Security Technical Implementation Guide (STIG) SCAP Benchmark for review.
Customers with a CAC that has DOD certificates can submit comments, recommended changes, and/or additions to the draft benchmark by 01 December 2021 on the Comment Matrix spreadsheet, located with the benchmark at https://cyber.mil/stigs/downloads/.
For those without a CAC that has DOD certificates, the Comment Matrix spreadsheet is located with the benchmark at https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report the issue to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
Please email comments to disa.stig_spt@mail.mil and include the title and version of the benchmark in the subject line.
Group Policy Objects (GPOs) have been updated for October 2021.
Group Policy Objects (GPOs) have been updated for October 2021. See the Change Log document included in the zip file for additional information.
DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on Cyber Exchange website on the Group Policy Objects tab located at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD certificates, the GPO is also available from https://public.cyber.mil/stigs/gpo/.
List of GPOs currently in the package:
Office Products
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office 365 ProPlus
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint 2010
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016
Browsers
Edge
Google Chrome
Internet Explorer 11
Antivirus
Windows Defender AV
Adobe Acrobat
Adobe Acrobat Pro DC Continuous
Adobe Acrobat Reader DC Continuous
Operating Systems
Windows 10
Windows Firewall
Windows 2012 R2 DC
Windows 2012 R2 MS
Windows Server 2016 (MS and DC)
Windows Server 2019 (MS and DC)
DISA has released updates to the SRG/STIG Library Compilations.
These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.
STIG Update - DISA Has Released the Apple iOS/iPad OS 15 STIG
DISA has released the Apple iOS/iPad OS 15 Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.
Customers with a CAC that has DOD certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those without a CAC that has DOD certificates, the STIG is available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
STIG Update - DISA Has Released the Microsoft Edge STIG Benchmark
DISA has released the automated benchmark for the Microsoft Edge Security Technical Implementation Guide (STIG). The requirements of the benchmark become effective immediately.
Customers with a CAC that has DOD certificates can obtain the benchmark at https://cyber.mil/stigs/downloads/.
For those without a CAC that has DOD certificates, the benchmark is available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report the issue to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the benchmark content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
STIG Update - DISA Has Released the Google Android 12 STIG
DISA has released the Google Android 12 Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.
Customers with a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those without a CAC that has DoD Certificates, the STIG is available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
STIG Update - DISA Has Released the Ivanti MobileIron Sentry 9.x STIG
DISA has released the Ivanti MobileIron Sentry 9.x Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.
Customers with a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those without a CAC that has DoD Certificates, the STIG is available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
DISA has released the following updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks
Unclassified Application STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
- Kubernetes STIG – Version 1, Release 3
- Microsoft Edge STIG – Version 1, Release 3
- Microsoft IIS 10.0 STIG
- Microsoft IIS 8.5 STIG
- Microsoft Internet Explorer 11 STIG – Version 2, Release 1
- Microsoft SharePoint 2013 STIG – Version 2, Release 2
- Microsoft SQL Server 2016 STIG
- Oracle 11.2g Database STIG – Version 2, Release 2
- Oracle Database 12c STIG – Version 2, Release 2
Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
- Cisco IOS-XE Router STIG
- Cisco IOS-XE Switch STIG
- Cisco ISE STIG
- Cisco NX-OS Switch STIG
- Forescout STIG
- Virtual Private Network SRG – Version 2, Release 4
Unclassified Operating System STIGs and Overviews:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
- Apple macOS 11 (Big Sur) STIG – Version 1, Release 4
- Apple OS X 10.15 STIG – Version 1, Release 6
- Canonical Ubuntu 18.04 LTS STIG – Version 2, Release 5
- Canonical Ubuntu 20.04 LTS STIG – Version 1, Release 2
- IBM z/OS STIG
- Oracle Linux 6 STIG – Version 2, Release 5
- Oracle Linux 7 STIG – Version 2, Release 5
- Red Hat Enterprise Linux 7 STIG – Version 3, Release 5
- Red Hat Enterprise Linux 8 STIG – Version 1, Release 4
- Solaris 11 SPARC STIG – Version 2, Release 5
- Solaris 11 x86 STIG – Version 2, Release 5
- SUSE Linux Enterprise Server (SLES) 12 STIG – Version 2, Release 5
- SUSE Linux Enterprise Server (SLES) 15 STIG – Version 1, Release 4
- VMware vSphere 6.5 STIG
- z/OS ACF2 Products – Ver 6, Rel 51
- z/OS RACF Products – Ver 6, Rel 51
- z/OS TSS Products – Ver 6, Rel 51
Supplemental Automation Content:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content
- Canonical Ubuntu 18.04 LTS STIG for Ansible – Ver 2, Rel 5
- Cisco IOS XE Router NDM RTR STIG for Ansible – Ver 2, Rel 3
- Red Hat Enterprise Linux 7 STIG for Ansible – Ver 3, Rel 5
- Red Hat Enterprise Linux 7 STIG for Chef – Ver 3, Rel 5
- Red Hat Enterprise Linux 8 STIG for Ansible – Ver 1, Rel 4
Sunset:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
- Sunset – Oracle Database 11g STIG – Version 9, Release 1
- Sunset – VMware ESXi 5 Server STIG – Version 2, Release 1
- Sunset – VMware ESXi 5 vCenter Server STIG – Version 2, Release 1
- Sunset – VMware ESXi 5 Virtual Machine STIG – Version 2, Release 1
- Sunset – McAfee VirusScan 8.8 Local Client STIG Benchmark – Version 1, Release 4
Benchmarks:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=scap
- Canonical Ubuntu 18.04 Benchmark – Version 2, Release 4
- Cisco IOS XE Router NDM Benchmark – Version 1, Release 2
- MS Internet Explorer 11 STIG Benchmark – Version 2, Release 1
- Oracle Linux 7 STIG Benchmark – Version 2, Release 5
- RHEL 7 STIG Benchmark, Version 3, Release 5
- RHEL 8 STIG Benchmark, Version 1, Release 3
- SLES 12 STIG Benchmark – Version 2, Release 5
- z/OS SRR Scripts – Ver 6, Rel 51
STIG Update - DISA Has Released the Fortinet FortiGate Firewall STIG
DISA has released the Fortinet Fortigate Firewall Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.
Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
STIG Update - DISA Has Released the IBM WebSphere Liberty Server STIG
DISA has released the IBM WebSphere Liberty Server Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.
Customers with a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those without a CAC that has DoD Certificates, the STIG is available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
PKI/PKE Announcements
New WCF CAs released - Certificate Bundle v5.12
The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.12.