DISA has posted the latest Red Hat Enterprise Linux (RHEL) 7 content for testing new Security Technical Implementation Guide (STIG) Group and Rule IDs.

As noted previously, to provide increased flexibility for the future, DISA is updating the systems that produce Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). The initial modification will be to change Group and Rule IDs (Vul and Subvul IDs). The previous Group and Rule IDs will be retained through the update as “legacy” IDs, presented as XCCDF ident elements. See the example below:

<Group id="V-204392">
    <title>SRG-OS-000257-GPOS-00098</title>
    <description>…</description>
    <Rule id="SV-204392r85825_rule" weight="10.0" severity="high">
      <version>RHEL-07-010010</version>
      <title>The Red Hat Enterprise Linux operating system must be configured so that the 
      file permissions, ownership, and group membership of system files and commands match 
      the vendor values.</title>
      <description>…</description>
      <reference>…</reference>
      <ident system="http://cyber.mil/legacy">SV-86473</ident>
      <ident system="http://cyber.mil/legacy">V-71849</ident>
      <ident system="http://cyber.mil/cci">CCI-001494</ident>
      <ident system="http://cyber.mil/cci">CCI-001496</ident>
      <ident system="http://cyber.mil/cci">CCI-002165</ident>
      <ident system="http://cyber.mil/cci">CCI-002235</ident>

These updates will necessitate a new version number for every STIG as it is converted to the new format. For example, if the old version/release of a STIG is V2R6, the updated version/release will be V3R1.

DISA has posted two manual STIGs (Windows Server 2019 and Red Hat Enterprise Linux 7) on DoD Cyber Exchange in the new format for review and testing, along with associated automated benchmarks. A new XSL stylesheet is included in the STIGs to handle the “legacy” identifiers. The next release of STIG Viewer will also be able to handle the “legacy” identifiers.

The STIG files each include a spreadsheet that maps the legacy Group ID, legacy Rule ID, and STIG ID to the new Rule ID.

To review the new format, go to https://public.cyber.mil/stigs/downloads/ and search for the following items:

• Microsoft Windows Server 2019 TEST STIG – Ver 2, Rel 0.3
• Microsoft Windows Server 2019 TEST STIG Benchmark – Ver 2, Rel 0.3
• Red Hat Enterprise Linux 7 TEST STIG – Ver 3, Rel 0.4
• Red Hat Enterprise Linux 7 TEST STIG Benchmark – Ver 3, Rel 0.4

If you have any comments after reviewing these samples, please email them to disa.stig_spt@mail.mil and note in the subject line STIG Testing Comments.

DISA has released the Oracle Linux 7 Security Technical Implementation Guide (STIG), Version 1, Release 1. The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

DISA has released the BlackBerry UEM 12.11 Security Technical implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.