General Cyber Exchange Announcements
Supplemental Automation Content has been updated for July 2020
This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.
The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/
For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/
McAfee Home Use Solutions
McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60-days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements. Click here to learn more about McAfee’s corporate Work from Home program.
The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.
SRGs/STIGs Announcements
Supplemental Automation Content has been updated for July 2020
This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.
The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/
For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/
DISA Has Released the Microsoft Office 2016 Security Technical Implementation Guide Benchmarks
The Benchmarks become effective immediately.
Customers who have a CAC that has DoD Certificates can obtain the STIG Benchmarks at https://cyber.mil/stigs/scap/.
For those who do not have a CAC that has DoD Certificates, the STIG Benchmarks are also available from https://public.cyber.mil/stigs/scap/.
If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
DISA has released updates to the SRG/STIG Library Compilations
These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update. Compilations can be downloaded at https://public.cyber.mil/stigs/compilations/.
DISA Has Released the BlackBerry UEM STIG, V1R1
DISA has released the BlackBerry UEM Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.
Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.
If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
Group Policy Objects (GPOs) have been updated for July 2020.
See the Change Log document included in the zip file for additional information.
DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on Cyber Exchange website on the Group Policy Objects tab located at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD Certificates, the GPO is also available from https://public.cyber.mil/stigs/gpo/.
List of GPOs currently in the package:
Office Products
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office 365 ProPlus
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint 2010
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016
Browsers
Google Chrome
Internet Explorer 11
Antivirus
Windows Defender AV
Adobe Acrobat
Adobe Acrobat Pro DC Classic
Adobe Acrobat Pro DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Operating Systems
Windows 10
Windows 8/8.1
Windows Firewall
Windows 2008 R2 DC
Windows 2008 R2 MS
Windows 2012 R2 DC
Windows 2012 R2 MS
Windows Server 2016 (MS and DC)
Windows Server 2019 (MS and DC)
DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks
Unclassified Application STIGs :
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
Apache Server 2.4 UNIX STIG
Apache Server 2.4 Windows STIG
Application Security and Development STIG – Ver 4, Rel 11
Google Chrome STIG – Ver 1, Rel 19
Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG – Ver 1, Rel 5
Microsoft Exchange 2016 STIG
Microsoft IIS 10.0 STIG
Microsoft IIS 8.5 STIG
Microsoft Internet Explorer 11 STIG – Ver 1, Rel 19
Microsoft Office 365 ProPlus STIG – Ver 1, Rel 2
Microsoft SharePoint 2013 STIG – Ver 1, Rel 9
Microsoft SQL Server 2016 STIG
MongoDB Enterprise Advanced 3.x STIG – Ver 1, Rel 2
Mozilla Firefox STIG – Ver 4, Rel 29
Oracle 11.2g Database STIG – Ver 1, Rel 19
Oracle Database 12c STIG – Ver 1, Rel 18
Oracle HTTP Server 12.1.3 STIG – Ver 1, Rel 7
Unclassified Mobility STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility
BlackBerry Enterprise Mobility Server (BEMS) 2.x STIG – Ver 1, Rel 3
Samsung Android OS 9 with Knox 3.x STIG
Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
Arista MLS DCS-7000 Series STIG
Central Log Server SRG – Ver 1, Rel 4
Cisco IOS Router STIG
Cisco IOS-XE Router STIG
Cisco IOS-XR Router STIG
F5 BIG-IP 11.x STIG
Firewall SRG – Ver 1, Rel 5
HP FlexFabric Switch STIG
Intrusion Detection and Prevention System Technology SRG – Ver 2, Rel 6
Juniper Router STIG
Microsoft Windows 2012 Server DNS STIG – Ver 1, Rel 15
Network Device Management SRG – Ver 3, Rel 4
Router SRG – Ver 3, Rel 6
Voice Video Endpoint SRG – Ver 1, Rel 11
Voice Video Session Management SRG – Ver 1, Rel 7
Unclassified Operating System STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
Apple OS X 10.13 STIG – Ver 1, Rel 6
Apple OS X 10.14 STIG – Ver 1, Rel 4
Canonical Ubuntu 16.04 LTS STIG – Ver 1, Rel 5
Canonical Ubuntu 18.04 LTS STIG – Ver 1, Rel 2
z/OS ACF2 Products – Ver 6, Rel 46
z/OS RACF Products – Ver 6, Rel 46
z/OS STIG – Ver 7, Rel 3
z/OS TSS Products – Ver 6, Rel 46
Oracle Linux 6 STIG – Ver 1, Rel 19
Oracle Linux 7 STIG – Ver 1, Rel 2
Red Hat Enterprise Linux 6 STIG – Ver 1, Rel 26
Red Hat Enterprise Linux 7 STIG – Ver 2, Rel 8
Solaris 11 SPARC STIG – Ver 1, Rel 22
Solaris 11 X86 STIG – Ver 1, Rel 22
SUSE Linux Enterprise Server 12 STIG – Ver 1, Rel 6
Benchmarks:
https://cyber.mil/stigs/scap/
Canonical Ubuntu 16.04 STIG Benchmark – Ver 1, Rel 2
Google Chrome for Windows STIG Benchmark – Ver 1, Rel 15
Microsoft Internet Explorer 11 STIG Benchmark – Ver 1, Rel 15
Microsoft .Net Framework 4 STIG Benchmark – Ver 1, Rel 8
Mozilla Firefox STIG Configuration Files – Ver 1, Rel 4
Mozilla Firefox for RHEL STIG Benchmark – Ver 1, Rel 7
Mozilla Firefox Windows STIG Benchmark – Ver 1, Rel 6
Oracle Linux 7 STIG Benchmark – Ver 1, Rel 2
Red Hat Enterprise Linux 6 STIG Benchmark – Ver 1, Rel 28
Red Hat Enterprise Linux 7 STIG Benchmark – Ver 2, Rel 8
Solaris 10 SPARC STIG Benchmark – Ver 1, Rel 24
Solaris 10 x86 STIG Benchmark – Ver 1, Rel 25
Solaris 11 SPARC STIG Benchmark – Ver 1, Rel 15
Solaris 11 X86 STIG Benchmark – Ver 1, Rel 15
SUSE Linux Enterprise Server 12 STIG Benchmark – Ver 1, Rel 2
Sunset STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
Sunset – Samsung Android OS 8 with Knox 3.x STIG
Supplemental Automation Content has been updated for June 2020
This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.
The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at: https://cyber.mil/stigs/supplemental-automation-content/. For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from https://public.cyber.mil/stigs/supplemental-automation-content/.
The following content has been updated:
Ansible Content:
Cisco IOS XE Router NDM and RTR STIG for Ansible – Ver 1, Rel 2
Docker Enterprise 2.x Linux/Unix STIG for Ansible – Ver 1, Rel 1
Red Hat Enterprise Linux 7 STIG for Ansible – Ver 2, Rel 3
VMware vSphere 6.5 STIG for Ansible – Ver 1, Rel 2
Chef Content:
Red Hat Enterprise Linux 7 STIG for Chef – Ver 2, Rel 3
Microsoft Windows Server 2016 STIG for Chef – Ver 1, Rel 3
Microsoft Windows Server 2019 STIG for Chef – Ver 1, Rel 2
PowerShell DSC Content:
Microsoft Windows Server 2016 STIG for PowerShell DSC – Ver 1, Rel 3
Security Compliance Checker (SCC) Survey
The Naval Information Warfare Center (NIWC) has posted a survey for the Security Compliance Checker (SCC) tool to gather feedback from the field on use cases and suggested improvements.
The survey is located at https://www.research.net/r/SSCAssessment2020.
DISA has released updates to the SRG/STIG Library Compilations
These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.
DISA Posts Revised Files to Test New STIG Group and Rule IDs
DISA has posted the latest Red Hat Enterprise Linux (RHEL) 7 content for testing new Security Technical Implementation Guide (STIG) Group and Rule IDs.
As noted previously, to provide increased flexibility for the future, DISA is updating the systems that produce Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). The initial modification will be to change Group and Rule IDs (Vul and Subvul IDs). The previous Group and Rule IDs will be retained through the update as “legacy” IDs, presented as XCCDF ident elements. See the example below:
<Group id="V-204392">
<title>SRG-OS-000257-GPOS-00098</title>
<description>…</description>
<Rule id="SV-204392r85825_rule" weight="10.0" severity="high">
<version>RHEL-07-010010</version>
<title>The Red Hat Enterprise Linux operating system must be configured so that the
file permissions, ownership, and group membership of system files and commands match
the vendor values.</title>
<description>…</description>
<reference>…</reference>
<ident system="http://cyber.mil/legacy">SV-86473</ident>
<ident system="http://cyber.mil/legacy">V-71849</ident>
<ident system="http://cyber.mil/cci">CCI-001494</ident>
<ident system="http://cyber.mil/cci">CCI-001496</ident>
<ident system="http://cyber.mil/cci">CCI-002165</ident>
<ident system="http://cyber.mil/cci">CCI-002235</ident>
These updates will necessitate a new version number for every STIG as it is converted to the new format. For example, if the old version/release of a STIG is V2R6, the updated version/release will be V3R1.
DISA has posted two manual STIGs (Windows Server 2019 and Red Hat Enterprise Linux 7) on DoD Cyber Exchange in the new format for review and testing, along with associated automated benchmarks. A new XSL stylesheet is included in the STIGs to handle the “legacy” identifiers. The next release of STIG Viewer will also be able to handle the “legacy” identifiers.
The STIG files each include a spreadsheet that maps the legacy Group ID, legacy Rule ID, and STIG ID to the new Rule ID.
To review the new format, go to https://public.cyber.mil/stigs/downloads/ and search for the following items:
- Microsoft Windows Server 2019 TEST STIG – Ver 2, Rel 0.3
- Microsoft Windows Server 2019 TEST STIG Benchmark – Ver 2, Rel 0.3
- Red Hat Enterprise Linux 7 TEST STIG – Ver 3, Rel 0.4
- Red Hat Enterprise Linux 7 TEST STIG Benchmark – Ver 3, Rel 0.4
If you have any comments after reviewing these samples, please email them to disa.stig_spt@mail.mil and note in the subject line STIG Testing Comments.
Microsoft Extends Windows 10, 1709, End of Life to 10/13/2020
Microsoft has announced the extension of Windows 10, version 1709, end of life to 13 October 2020. DISA will be updating the Windows 10 STIG with this information.
For more details, visit https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revised-end-of-service-date-for-windows-10-version-1709-october/ba-p/1239043.
DISA Has Released the Oracle Linux 7 STIG, V1R1
DISA has released the Oracle Linux 7 Security Technical Implementation Guide (STIG), Version 1, Release 1. The requirements of the STIG become effective immediately.
Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.
For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.
PKI/PKE Announcements
New WCF CAs released - Certificate Bundle v5.9
The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.9.