General Cyber Exchange Announcements

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements. Click here to learn more about McAfee’s corporate Work from Home program.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

STIG Update - Group Policy Objects have been updated

Group Policy Objects (GPOs) have been updated to include Microsoft Edge and to revise the Google Chrome files. See the Change Log document included in the zip file for additional information.

The DISA Risk Management Executive posts the GPOs for use by system administrators to ease the burden in securing systems within their environment.

The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD Certificates, the GPO is also available from https://public.cyber.mil/stigs/gpo/.

DISA Has Released the Microsoft Edge STIG

DISA has released the Microsoft Edge Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

DISA has released STIG Viewer Version 2.12

DISA has released STIG Viewer Version 2.12. This latest version of STIG Viewer is available at https://public.cyber.mil/stigs/srg-stig-tools/.

To accommodate rule identifier changes, this version of the STIG Viewer allows for more flexible rule matching when importing data. These settings have been enabled by default, but may be disabled in Preferences. Consult section 2.2.4 (“Options”) of the User Guide for additional information.

For all STIG/SRG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil.

STIG Update - DISA Has Released Latest STIG Applicability Guides

DISA has released the latest STIG Applicability Guides for Linux, Mac, and Windows. The purpose of this tool is to assist the SRG/STIG user community in determining what SRGs and/or STIGs apply to a particular situation or information system and to create a fully formatted document containing a “collection” of SRGs and STIGs applicable to the situation being addressed.

The SRG/STIG Applicability Guide is updated periodically to address the most recent new SRG/STIG releases and sunset products.

Customers who have a CAC that has DoD Certificates can obtain the files at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the files are also available from https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the guide content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

DISA has released the following guidance: How to Create an SRG/STIG ID Mapping Spreadsheet

To provide increased flexibility for the future, DISA has updated the systems that produce STIGs and SRGs. This has resulted in a modification to Group and Rule IDs (Vul and Subvul IDs).

Spreadsheets that mapped these new IDs to the “legacy” IDs were provided for end users during the October 2020 Quarterly Release. Although these spreadsheets are no longer being provided as of January 2021, users may create their own.

To create this spreadsheet, please refer to the How to Create an SRG-STIG ID Mapping Spreadsheet document.

For all questions related to STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

DISA has released the Infoblox 8.x DNS STIG

DISA has released the Infoblox 8.x DNS Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

DISA has released the SLES 15 Security Technical Implementation Guide (STIG).

DISA has released the SLES 15 Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

DISA has released the Honeywell Android 9.x Security Technical Implementation Guide (STIG)

The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Group Policy Objects (GPOs) have been updated for January 2021

See the Change Log document included in the zip file for additional information.

DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.

The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab located at https://cyber.mil/stigs/gpo/. For users who do not have a CAC that has DoD Certificates, the GPO is also available from https://public.cyber.mil/stigs/gpo/.

List of GPOs currently in the package:

Office Products
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office 365 ProPlus
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint 2010
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers
Google Chrome
Internet Explorer 11

Antivirus
Windows Defender AV

Adobe Acrobat
Adobe Acrobat Pro DC Classic
Adobe Acrobat Pro DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous

Operating Systems
Windows 10
Windows 8/8.1
Windows Firewall
Windows 2008 R2 DC
Windows 2008 R2 MS
Windows 2012 R2 DC
Windows 2012 R2 MS
Windows Server 2016 (MS and DC)
Windows Server 2019 (MS and DC)

STIG Update - January 2021 Quarterly Release

DISA has released the following updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks:

Unclassified Application STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security

Apache Server 2.4 UNIX STIG
Apache Tomcat Application Server 9 STIG – Ver 2, Rel 2
Database SRG – Ver 3, Rel 1
Google Chrome STIG – Ver 2, Rel 2
Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG – Ver 2, Rel 1
Mozilla Firefox STIG – Ver 5, Rel 1
Microsoft .Net Framework 4.0 STIG – Ver 2, Rel 1
Microsoft Exchange 2013 STIG
Microsoft Exchange 2016 STIG
Microsoft SharePoint 2013 STIG – Ver 2, Rel 1
Microsoft SQL Server 2016 STIG
Tanium 7.3 STIG – Ver 2, Rel 1

Unclassified Mobility STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility

Blackberry UEM STIG – Ver 2, Rel 1

Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless

BIND 9.x STIG – Ver 2, Rel 1
Cisco NX-OS Switch STIG
Firewall SRG – Ver 2, Rel 1
Infoblox 7.x DNS STIG – Ver 2, Rel 1
Juniper Router STIG
Router SRG – Ver 4, Rel 1
Voice Video Endpoint SRG – Ver 2, Rel 1
VPN SRG – Ver 2, Rel 2

Unclassified Operating System STIGs and Overviews:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems

Apple OS X 10.13 STIG – Ver 2, Rel 2
Apple OS X 10.14 STIG – Ver 2, Rel 2
Apple OS X 10.15 STIG – Ver 1, Rel 3
Canonical Ubuntu 16.04 LTS STIG – Ver 2, Rel 2
Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 2
Oracle Linux 6 STIG – Ver 2, Rel 2
Oracle Linux 7 STIG – Ver 2, Rel 2
Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 2
SUSE Linux Enterprise Server 12 STIG – Ver 2, Rel 2
Solaris 10 SPARC STIG – Ver 2, Rel 2
Solaris 10 X86 STIG – Ver 2, Rel 2
Solaris 11 SPARC STIG – Ver 2, Rel 2
Solaris 11 X86 STIG – Ver 2, Rel 2
VMware vSphere 6.5 STIG
z/OS STIG
z/OS ACF2 Products – Ver 6, Rel 48
z/OS RACF Products – Ver 6, Rel 48
z/OS TSS Products – Ver 6, Rel 48

FOUO HBSS STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=hbss

HBSS ePO 5.x STIG – Ver 2, Rel 2

Supplemental Automation Content:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=supplemental-automation-content

Red Hat Enterprise Linux 7 STIG for Ansible – Ver 3, Rel 2
Red Hat Enterprise Linux 7 STIG for Chef – Ver 3, Rel 2

Sunset:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset

Sunset – Apple OS/iPad OS 13 STIG – Ver 2, Rel 1
Sunset – Oracle JRE 8 Windows STIG – Ver 2, Rel 1
Sunset – Oracle Linux 5 STIG – Ver 2, Rel 1
Sunset – Red Hat Enterprise Linux 6 STIG – Ver 2, Rel 2

Benchmarks:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=scap

Canonical Ubuntu 16.04 STIG Benchmark – Ver 2, Rel 2
Canonical Ubuntu 18.04 STIG Benchmark – Ver 2, Rel 1
Google Chrome for Windows STIG Benchmark – Ver 2, Rel 2
Mozilla Firefox STIG Configuration Files – Ver 5, Rel 1
Mozilla Firefox for RHEL STIG Benchmark – Ver 5, Rel 1
Mozilla Firefox Windows STIG Benchmark – Ver 5, Rel 1
Microsoft .Net Framework 4 STIG Benchmark – Ver 2, Rel 1
Oracle Linux 7 STIG Benchmark – Ver 2, Rel 2
Red Hat Enterprise Linux 6 STIG Benchmark – Ver 2, Rel 2
Red Hat Enterprise Linux 7 STIG Benchmark – Ver 3, Rel 2
SUSE Linux Enterprise Server 12 STIG Benchmark – Ver 2, Rel 2
Solaris 10 SPARC STIG Benchmark – Ver 2, Rel 2
Solaris 10 x86 STIG Benchmark – Ver 2, Rel 2
Solaris 11 SPARC STIG Benchmark – Ver 2, Rel 2
Solaris 11 X86 STIG Benchmark – Ver 2, Rel 2
z/OS SRR Scripts – Ver 6, Rel 48

Request for Comments - DISA Has Released the Draft Cisco ASA STIG for Review

DISA has released the Draft Cisco ASA Security Technical Implementation Guide (STIG) for review.

Customers who have a CAC with DoD Certificates can submit comments, recommended changes, and/or additions to the draft STIG by 27 January 2021 on the Comment Matrix spreadsheet, located with the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC with DoD Certificates, the Comment Matrix spreadsheet is located with the STIG at https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email.

PKI/PKE Announcements

New WCF CAs released - Certificate Bundle v5.10

The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.10.