General Cyber Exchange Announcements
Supplemental Automation Content has been updated for July 2020
This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.
The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/
For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/
McAfee Home Use Solutions
McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60-days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements. Click here to learn more about McAfee’s corporate Work from Home program.
The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.
SRGs/STIGs Announcements
July 2024 Quarterly Release Rev. 5 STIG Update
DISA recently released the following Security Guidance, Security Readiness Review Scripts, and Benchmarks that have been updated to comply with NIST 800-53 Rev. 5:
Note: The previous version of all STIGs updated for Rev. 5 will be retained in the Sunset – Rev 4 section of Cyber Exchange.
Unclassified Application STIGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
Apache Server 2.4 Unix Server STIG
Apache Server 2.4 Windows Server STIG
Apache Tomcat Application Server 9 STIG – Ver 3, Rel 1
Application Security and Development STIG – Ver 6, Rel 1
Application Server SRG – Ver 4, Rel 1
Container Platform SRG – Ver 2, Rel 1
Crunchy Data PostgreSQL STIG – Ver 3, Rel 1
Database SRG – Ver 4, Rel 1
EnterpriseDB Postgres Advanced Server (EPAS) STIG – Ver 2, Rel 1
Kubernetes STIG – Ver 2, Rel 1
MariaDB Enterprise 10.x STIG – Ver 2, Rel 1
MarkLogic Server v9 STIG – Ver 3, Rel 1
Microsoft Azure SQL Database STIG – Ver 2, Rel 1
Microsoft Edge STIG – Ver 2, Rel 1
Microsoft Exchange 2019 STIG
Microsoft IIS 10.0 Server STIG
Microsoft Office 365 ProPlus STIG – Ver 3, Rel 1
Microsoft SQL Server 2016 STIG
Mirantis Kubernetes Engine STIG – Ver 2, Rel 1
Oracle Database 12c STIG – Ver 3, Rel 1
Oracle MySQL 8.0 STIG – Ver 2, Rel 1
Palo Alto Networks Prisma Cloud Compute STIG – Ver 2, Rel 1
Rancher Government Solutions Multi-Cluster Manager STIG – Ver 2, Rel 1
Rancher Government Solutions RKE2 STIG – Ver 2, Rel 1
Red Hat Ansible Automation Controller STIG
Red Hat OpenShift Container Platform 4.12 STIG – Ver 2, Rel 1
Redis Enterprise 6.x STIG – Ver 2, Rel 1
Tanium 7.x STIG – Ver 2, Rel 1
Tanium 7.x TanOS STIG
Web Server SRG – Ver 4, Rel 1
Unclassified Mobility STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=mobility
Apple iOS/iPadOS 16 STIG – Ver 2, Rel 1
Apple iOS/iPadOS 17 STIG – Ver 2, Rel 1
Google Android 13 STIG
Google Android 14 STIG
Ivanti MobileIron Core MDM Server STIG – Ver 2, Rel 1
Ivanti MobileIron Sentry 9.x STIG
Jamf Pro v10.x EMM STIG – Ver 3, Rel 1
Samsung Android OS 13 with Knox 3.x STIG
Samsung Android OS 14 with Knox 3.x STIG
Unified Endpoint Management Server SRG
Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
Application Layer Gateway SRG – Ver 2, Rel 1
Arista MLS EOS 4.2x STIG
Authentication, Authorization, and Accounting Services (AAA) SRG – Ver 2, Rel 1
Central Log Server SRG – Ver 3, Rel 1
Cisco ASA STIG
Cisco IOS Router STIG
Cisco IOS Switch STIG
Cisco IOS XE Router STIG
Cisco IOS XE Switch STIG
Cisco IOS XR Router STIG
Cisco ISE STIG
Cisco NX OS Switch STIG
Domain Name System (DNS) SRG – Ver 4, Rel 1
Firewall SRG – Ver 3, Rel 1
Forescout STIG
HPE 3PAR StoreServ OS STIG
HPE Nimble Storage Array STIG – Ver 2, Rel 1
Intrusion Detection and Prevention System Technology SRG – Ver 3, Rel 1
Ivanti Connect Secure STIG
Juniper EX Series Switches STIG
Juniper Router STIG
Juniper SRX Services Gateway STIG
Layer 2 Switch SRG – Ver 3, Rel 1
Microsoft Windows Server Domain Name System STIG – Ver 2, Rel 1
NetApp ONTAP DSC 9.x STIG – Ver 2, Rel 1
Network Device Management SRG – Ver 5, Rel 1
Palo Alto Networks STIG
Riverbed NetProfiler STIG – Ver 2, Rel 1
Router SRG – Ver 5, Rel 1
SDN Controller SRG – Ver 2, Rel 1
Splunk Enterprise 7.x for Windows STIG – Ver 3, Rel 1
Splunk Enterprise 8.x for Linux STIG – Ver 2, Rel 1
Trend Micro TippingPoint STIG
Virtual Private Network (VPN) SRG – Ver 3, Rel 1
Unclassified Operating System STIGs and Overviews:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
Apple macOS 14 (Sonoma) STIG – Ver 2, Rel 1
Canonical Ubuntu 22.04 LTS STIG – Ver 2, Rel 1
General Purpose Operating System SRG – Ver 3, Rel 1
IBM Hardware Management Console (HMC) STIG
IBM z/OS STIG
Mainframe Product SRG – Ver 3, Rel 1
Microsoft Windows 10 STIG – Ver 3, Rel 1
Microsoft Windows 11 STIG – Ver 2, Rel 1
Microsoft Windows PAW STIG – Ver 3, Rel 1
Microsoft Windows Server 2019 STIG – Ver 3, Rel 1
Microsoft Windows Server 2022 STIG – Ver 2, Rel 1
Nutanix AOS 5.20.x STIG
Oracle Linux 8 STIG – Ver 2, Rel 1
Red Hat Enterprise Linux 9 STIG – Ver 2, Rel 1
Solaris 11 SPARC STIG – Ver 3, Rel 1
Solaris 11 x86 STIG – Ver 3, Rel 1
SUSE Linux Enterprise Server 15 STIG – Ver 2, Rel 1
Tri-Lab Operating System Stack (TOSS) 4 STIG – Ver 2, Rel 1
Virtual Machine Manager SRG – Ver 2, Rel 1
z/OS SRR Scripts – Ver 6, Rel 61
zOS ACF2 Products – Ver 6, Rel 61
zOS RACF2 Products – Ver 6, Rel 61
zOS TSS Products – Ver 6, Rel 61
Sunset:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
Sunset – A10 Networks ADC STIG
Sunset – Apple macOS 12 STIG – Ver 1, Rel 9
Sunset – Arista MultiLayer Switch DCS 7000 Series STIG
Sunset – CA API Gateway STIG
Sunset – Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 15
Sunset – DBN 6300 STIG
Sunset – Docker Enterprise 2.x Linux/Unix STIG – Ver 2, Rel 2
Sunset – EDB Postgres Advanced Server v11 on Windows STIG – Ver 2, Rel 4
Sunset – ForeScout CounterACT ALG STIG – Ver 1, Rel 3
Sunset – ForeScout CounterACT NDM STIG – Ver 1, Rel 2
Sunset – Google Android 12 STIG
Sunset – IBM MQ Appliance V9-0 STIG
Sunset – Microsoft Access 2010 STIG – Ver 1, Rel 11
Sunset – Microsoft Access 2013 STIG – Ver 1, Rel 7
Sunset – Microsoft Android 11 STIG
Sunset – Microsoft Excel 2010 STIG – Ver 1, Rel 12
Sunset – Microsoft Excel 2013 STIG – Ver 1, Rel 8
Sunset – Microsoft Exchange 2013 STIG
Sunset – Microsoft InfoPath 2010 STIG – Ver 1, Rel 12
Sunset – Microsoft InfoPath 2013 STIG – Ver 1, Rel 6
Sunset – Microsoft Lync 2013 STIG – Ver 1, Rel 5
Sunset – Microsoft Office System 2010 STIG – Ver 1, Rel 13
Sunset – Microsoft Office System 2013 STIG – Ver 2, Rel 2
Sunset – Microsoft PowerPoint 2010 STIG – Ver 1, Rel 11
Sunset – Microsoft PowerPoint 2013 STIG – Ver 1, Rel 7
Sunset – Microsoft Project 2010 STIG – Ver 1, Rel 10
Sunset – Microsoft Project 2013 STIG – Ver 1, Rel 5
Sunset – Microsoft Publisher 2010 STIG – Ver 1, Rel 12
Sunset – Microsoft Publisher 2013 STIG – Ver 1, Rel 6
Sunset – Microsoft SQL Server 2014 STIG
Sunset – Microsoft Visio 2013 STIG – Ver 1, Rel 5
Sunset – Microsoft Windows 2012 Server Domain Name System STIG – Ver 2, Rel 7
Sunset – Microsoft Word 2010 STIG – Ver 1, Rel 12
Sunset – Microsoft Word 2013 STIG – Ver 1, Rel 7
Sunset – MongoDB 3.x STIG – Ver 2, Rel 3
Sunset – MongoDB 4.x STIG – Ver 1, Rel 4
Sunset – Motorola Solutions Android 11 COBO STIG – Ver 1, Rel 3
Sunset – Oracle Database 11.2g STIG – Ver 2, Rel 5
Sunset – PostgreSQL 9.x STIG – Ver 2, Rel 5
Sunset – Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 15
Sunset – Riverbed Steelhead CX v8 STIG
Sunset – Samsung Android 11 Knox 3.x STIG
Sunset – Samsung Android 12 KPE 3.x STIG
Sunset – VMware Workspace ONE13:54 UEM STIG – Ver 2, Rel 2
Rev. 4 Sunset:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=sunset
Rev. 4 Sunset – Apache Server 2.4 Unix STIG
Rev. 4 Sunset – Apache Server 2.4 Windows STIG
Rev. 4 Sunset – Apache Tomcat Application Server 9 STIG – Ver 2, Rel 7
Rev. 4 Sunset – Apple iOS/iPadOS 16 STIG – Ver 1, Rel 13
Rev. 4 Sunset – Apple iOS/iPadOS 17 STIG – Ver 1, Rel 1
Rev. 4 Sunset – Apple macOS 14 (Sonoma) STIG – Ver 1, Rel 2
Rev. 4 Sunset – Application Layer Gateway SRG – Ver 1, Rel 2
Rev. 4 Sunset – Application Security and Development STIG – Ver 5, Rel 3
Rev. 4 Sunset – Application Server SRG – Ver 3, Rel 4
Rev. 4 Sunset – Arista MLS EOS 4.2x STIG
Rev. 4 Sunset – Authentication, Authorization, and Accounting Services (AAA) SRG – Ver 1, Rel 2
Rev. 4 Sunset – Canonical Ubuntu 22.04 LTS STIG – Ver 1, Rel 1
Rev. 4 Sunset – Central Log Server SRG – Ver 2, Rel 2
Rev. 4 Sunset – Cisco ASA STIG
Rev. 4 Sunset – Cisco IOS Router STIG
Rev. 4 Sunset – Cisco IOS Switch STIG
Rev. 4 Sunset – Cisco IOS XE Router STIG
Rev. 4 Sunset – Cisco IOS XE Switch STIG
Rev. 4 Sunset – Cisco IOS XR Router STIG
Rev. 4 Sunset – Cisco ISE STIG
Rev. 4 Sunset – Cisco NX OS Switch STIG
Rev. 4 Sunset – Container Platform SRG – Ver 1, Rel 5
Rev. 4 Sunset – Crunchy Data PostgreSQL STIG – Ver 2, Rel 2
Rev. 4 Sunset – Database SRG – Ver 3, Rel 4
Rev. 4 Sunset – Domain Name System (DNS) SRG – Ver 3, Rel 1
Rev. 4 Sunset – EnterpriseDB Postgres Advanced Server (EPAS) STIG – Ver 1, Rel 1
Rev. 4 Sunset – Firewall SRG – Ver 2, Rel 3
Rev. 4 Sunset – Forescout STIG
Rev. 4 Sunset – General Purpose Operating System SRG – Ver 2, Rel 7
Rev. 4 Sunset – Google Android 13 STIG – Ver 1, Rel 1
Rev. 4 Sunset – Google Android 14 STIG
Rev. 4 Sunset – HPE 3PAR StoreServ OS STIG
Rev. 4 Sunset – HPE Nimble Storage Array STIG – Ver 1, Rel 2
Rev. 4 Sunset – IBM Hardware Management Console (HMC) STIG
Rev. 4 Sunset – IBM z/OS STIG
Rev. 4 Sunset – Intrusion Detection and Prevention System Technology SRG – Ver 2, Rel 6
Rev. 4 Sunset – Ivanti Connect Secure STIG
Rev. 4 Sunset – Ivanti MobileIron Core MDM Server STIG – Ver 1, Rel 1
Rev. 4 Sunset – Ivanti MobileIron Sentry 9.x STIG – Ver 1, Rel 1
Rev. 4 Sunset – Jamf Pro v10.x EMM STIG – Ver 2, Rel 1
Rev. 4 Sunset – Juniper EX Series Switches STIG
Rev. 4 Sunset – Juniper Router STIG
Rev. 4 Sunset – Juniper SRX Services Gateway STIG
Rev. 4 Sunset – Kubernetes STIG – Ver 1, Rel 11
Rev. 4 Sunset – Layer 2 Switch SRG – Ver 2, Rel 1
Rev. 4 Sunset – Mainframe Product SRG – Ver 2, Rel 1
Rev. 4 Sunset – MariaDB Enterprise 10.x STIG – Ver 1, Rel 3
Rev. 4 Sunset – MarkLogic Server v9 STIG – Ver 2, Rel 2
Rev. 4 Sunset – Microsoft Azure SQL Database STIG – Ver 1, Rel 2
Rev. 4 Sunset – Microsoft Edge STIG – Ver 1, Rel 8
Rev. 4 Sunset – Microsoft Exchange 2019 STIG
Rev. 4 Sunset – Microsoft IIS 10.0 Server STIG
Rev. 4 Sunset – Microsoft Office 365 ProPlus STIG – Ver 2, Rel 12
Rev. 4 Sunset – Microsoft SQL Server 2016 STIG
Rev. 4 Sunset – Microsoft Windows 10 STIG – Ver 2, Rel 9
Rev. 4 Sunset – Microsoft Windows 11 STIG – Ver 1, Rel 6
Rev. 4 Sunset – Microsoft Windows PAW STIG – Ver 2, Rel 3
Rev. 4 Sunset – Microsoft Windows Server 2019 STIG – Ver 2, Rel 9
Rev. 4 Sunset – Microsoft Windows Server 2022 STIG – Ver 1, Rel 5
Rev. 4 Sunset – Microsoft Windows Server Domain Name System STIG – Ver 1, Rel 1
Rev. 4 Sunset – Mirantis Kubernetes Engine STIG – Ver 1, Rel 1
Rev. 4 Sunset – MS SQL Server 2016 STIG
Rev. 4 Sunset – NetApp ONTAP DSC 9.x STIG – Ver 1, Rel 4
Rev. 4 Sunset – Network Device Management SRG – Ver 5, Rel 1
Rev. 4 Sunset – Nutanix AOS 5.20.x STIG – Ver, 1, Rel 1
Rev. 4 Sunset – Oracle Database 12c STIG – Ver 2, Rel 9
Rev. 4 Sunset – Oracle Linux 8 STIG – Ver 1, Rel 10
Rev. 4 Sunset – Oracle MySQL 8.0 STIG – Ver 1, Rel 5
Rev. 4 Sunset – Palo Alto Networks STIG
Rev. 4 Sunset – Palo Alto Networks Prisma Cloud Compute STIG – Ver 1, Rel 3
Rev. 4 Sunset – Rancher Government Solutions Multi-Cluster Manager STIG – Ver 1, Rel 3
Rev. 4 Sunset – Rancher Government Solutions RKE2 STIG – Ver 1, Rel 5
Rev. 4 Sunset – Red Hat Ansible Automation Controller STIG
Rev. 4 Sunset – Red Hat Enterprise Linux 9 STIG – Ver 1, Rel 3
Rev. 4 Sunset – Red Hat OpenShift Container Platform 4.12 STIG – Ver 1, Rel 1
Rev. 4 Sunset – Redis Enterprise 6.x STIG – Ver 1, Rel 3
Rev. 4 Sunset – Riverbed NetProfiler STIG – Ver 1, Rel 1
Rev. 4 Sunset – Router SRG – Ver 4, Rel 3
Rev. 4 Sunset – Samsung Android OS 13 with Knox 3.x STIG
Rev. 4 Sunset – Samsung Android OS 14 with Knox 3.x STIG
Rev. 4 Sunset – SDN Controller SRG – Ver 1, Rel 2
Rev. 4 Sunset – Solaris 11 SPARC STIG – Ver 2, Rel 10
Rev. 4 Sunset – Solaris 11 x86 STIG – Ver 2, Rel 10
Rev. 4 Sunset – Splunk Enterprise 7.x for Windows STIG – Ver 2, Rel 4
Rev. 4 Sunset – Splunk Enterprise 8.x for Linux STIG – Ver 1, Rel 5
Rev. 4 Sunset – SUSE Linux Enterprise Server 15 STIG – Ver 1, Rel 13
Rev. 4 Sunset – Tanium 7.x TanOS STIG – Ver 1, Rel 1
Rev. 4 Sunset – Tanium 7.x STIG – Ver 1, Rel 2
Rev. 4 Sunset – Trellix Application Control 8.x STIG – Ver 2, Rel 2
Rev. 4 Sunset – Trend Micro TippingPoint STIG
Rev. 4 Sunset – Tri-Lab Operating System Stack (TOSS) 4 STIG – Ver 1, Rel 3
Rev. 4 Sunset – Unified Endpoint Management Server SRG
Rev. 4 Sunset – Virtual Machine Manager SRG – Ver 1, Rel 3
Rev. 4 Sunset – Virtual Private Network (VPN) SRG – Ver 2, Rel 6
Rev. 4 Sunset – Web Server SRG – Ver 3, Rel 3
Benchmarks:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=scap
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=scap
Canonical Ubuntu 18.04 LTS STIG Benchmark – Ver 2, Rel 12
Canonical Ubuntu 20.04 LTS STIG Benchmark – Ver 1, Rel 10
Cisco IOS-XE Router NDM STIG Benchmark – Ver 3, Rel 1
Cisco IOS-XE Router RTR STIG Benchmark – Ver 3, Rel 1
Kubernetes STIG Benchmark – Ver 2, Rel 1
Microsoft Edge STIG Benchmark – Ver 2, Rel 1
Microsoft Windows 10 STIG Benchmark – Ver 3, Rel 1
Microsoft Windows 11 STIG Benchmark – Ver 2, Rel 1
Microsoft Windows Server 2016 STIG Benchmark – Ver 2, Rel 6
Microsoft Windows Server 2019 STIG Benchmark – Ver 3, Rel 1
Microsoft Windows Server 2022 STIG Benchmark – Ver 2, Rel 1
Oracle Linux 8 STIG Benchmark – Ver 2, Rel 1
Red Hat Enterprise Linux 7 STIG Benchmark – Ver 3, Rel 15
Red Hat Enterprise Linux 8 STIG Benchmark – Ver 1, Rel 13
Red Hat Enterprise Linux 9 STIG Benchmark – Ver 2, Rel 1
Solaris 11 SPARC STIG SCAP Benchmark – Ver 3, Rel 1
Solaris 11 x86 STIG SCAP Benchmark – Ver 3, Rel 1
SUSE Linux Enterprise Server 15 Benchmark – Ver 2, Rel 1
TOSS 4 STIG Benchmark – Ver 2, Rel 1
Unclassified HBSS STIGs:
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=hbss
Trellix Application Control 8.x STIG – Ver 3, Rel 1
DISA releases updates to the VMware vSphere 8.0 Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the VMware vSphere 8.0 Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
VMware vSphere 8.0 Update 3 STIG Slated for Release
VMware recently released vSphere 8.0 Update 3. Revised STIG content for U3 will be released rapidly to provide STIG support for U3 deployments.
The VMware vSphere 8.0 STIG packages will be incremented to V2R1, which will include U3 updates, NIST Special Publication 800-53 Revision 5 Control Correlation Identifier updates, and any pending revisions for the July 2024 Quarterly Maintenance Release.
Existing deployments based on U2 should continue to use the current V1R1 package until they are upgraded to U3. The V1R1 package will remain on Cyber Exchange in its original, unaltered state until VMware halts support for U2. No maintenance will be performed on the VMware V1R1 STIGs.
DISA releases the Cloud Computing Security Requirements Guide
The Defense Information Systems Agency recently approved the Cloud Computing Security Requirements Guide (SRG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the SRG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The SRG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG or SRG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases the Crunchy Data Postgres 16 Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the Crunchy Data Postgres 16 Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases the SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
STIG Update
DISA recently released the following updated Security Guidance:
The automation portion of the April release will be held until the July maintenance release due to recent changes in automation processes and procedures, and upcoming changes to STIGs and SRGs from the fifth revision of the NIST SP 800-53.
Unclassified Network STIGs and SRGs:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=network-perimeter-wireless
BIND 9.x STIG – Ver 2, Rel 3
Domain Name System (DNS) SRG – Ver 3, Rel 2
Microsoft Windows 2012 Server Domain Name System STIG – Ver 2, Rel 6
Unclassified Operating System STIGs and Overviews:
https://cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems
Active Directory Domain STIG – Ver 3, Rel 4
Microsoft Windows 10 STIG – Ver 2, Rel 9
Microsoft Windows 11 STIG – Ver 1, Rel 6
Microsoft Windows Server 2016 STIG – Ver 2, Rel 8
Microsoft Windows Server 2019 STIG – Ver 2, Rel 9
Microsoft Windows Server 2022 STIG – Ver 1, Rel 5
DISA releases updates to the SRG/STIG Library Compilations.
These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.
Customers can obtain the compilation from the DoD Cyber Exchange website at https://public.cyber.mil/stigs/compilations/.
Users who are unable to find and download the SRG/STIG compilation can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
GPO Update
Group Policy Objects (GPOs) have been updated for April 2024. Refer to the Change Log document included in the zip file for additional information.
The DISA Risk Management Executive posts the GPOs for use by system administrators to ease the burden in securing systems within their environment.
The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab:
- DOD Cyber Exchange – https://cyber.mil/stigs/gpo/ (Common Access Card required).
- DOD Cyber Exchange Public – https://public.cyber.mil/stigs/gpo/.
List of GPOs currently in the package:
Office Products
- Access 2013
- Access 2016
- Excel 2013
- Excel 2016
- InfoPath 2013
- Lync 2013
- Office 2019-M365 Apps
- Office System 2013
- Office System 2016
- OneDrive for Business 2016
- Outlook 2013
- Outlook 2016
- PowerPoint 2013
- PowerPoint 2016
- Project 2013
- Project 2016
- Publisher 2013
- Publisher 2016
- Skype for Business 2016
- Visio 2013
- Visio 2016
- Word 2013
- Word 2016
Browsers
- Edge
- Google Chrome
- Internet Explorer 11
- Mozilla Firefox
Antivirus
- Windows Defender AV
Adobe Acrobat
- Adobe Acrobat Pro DC Continuous
- Adobe Acrobat Reader DC Continuous
Operating Systems
- Windows 10
- Windows 11
- Windows Firewall
- Windows 2012 R2 DC
- Windows 2012 R2 MS
- Windows Server 2016 (MS and DC)
- Windows Server 2019 (MS and DC)
- Windows Server 2022
Assistance
For issues accessing files, email the Cyber Exchange web team at dod.cyberexchange@mail.mil.
For questions related to STIG content, email the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
DISA publishes April 2024 Quarterly Maintenance Release
DISA recently released the following updated Security Guidance.
Note: The automation portion of the April maintenance release will be held until the July maintenance release. This is due to recent changes in automation processes and procedures and upcoming changes to STIGs and SRGs from the fifth revision of the NIST SP 800-53.
Unclassified Application STIGs
Apache Server 2.4 Unix STIG
Microsoft .Net Framework 4.0 STIG – Ver 2, Rel 4
Microsoft Edge STIG – Ver 1, Rel 8
Microsoft Excel 2016 STIG – Ver 2, Rel 1
Microsoft Office 365 ProPlus STIG – Ver 2, Rel 12
Microsoft Office System 2016 STIG – Ver 2, Rel 3
MS SQL Server 2016 STIG
Rancher Government Solutions RKE2 STIG – Ver 1, Rel 5
Red Hat Ansible Automation Controller STIG
Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG – Ver 2, Rel 4
Unclassified Mobility STIGs and SRGs
Apple iOS/iPadOS 15 STIG – Ver 1, Rel 4
Google Android 13 BYOAD STIG
Samsung Android 14 with Knox 3.x STIG
Unclassified Network STIGs and SRGs:
Cisco IOS Switch STIG
Cisco IOS XE Switch STIG
Cisco NX OS Switch STIG
NetApp ONTAP DSC 9.x STIG – Ver 1, Rel 4
Router SRG – Ver 4, Rel 3
Unclassified Operating System STIGs and Overviews
Apple macOS 13 (Ventura) STIG – Ver 1, Rel 4
Apple macOS 14 (Sonoma) STIG – Ver 1, Rel 2
Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 14
Canonical Ubuntu 20.04 LTS STIG – Ver 1, Rel 12
IBM zOS STIG
Oracle Linux 8 STIG – Ver 1, Rel 10
Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 14
Red Hat Enterprise Linux 9 STIG – Ver 1, Rel 3
Solaris 11 SPARC STIG – Ver 2, Rel 10
Solaris 11 X86 STIG – Ver 2, Rel 10
SUSE Linux Enterprise Server 15 STIG – Ver 1, Rel 13
z/OS ACF2 Products – Ver 6, Rel 60
z/OS RACF Products – Ver 6, Rel 60
z/OS TSS Products – Ver 6, Rel 60
Sunset
Sunset – VMware Horizon 7.13 STIG
Assistance
For issues accessing files, email the Cyber Exchange web team at dod.cyberexchange@mail.mil.
For questions related to STIG content, email the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.
DISA releases the updated DOD Annex for MDFPP V 3.3
The Defense Information Systems Agency recently released the updated DOD Annex for Mobile Device Fundamental Protection Profile MDFPP V3.3, which becomes effective immediately.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the Annex from the DOD Cyber Exchange website at https://cyber.mil/stigs/niap/. The Annex is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/niap.
Users who are unable to find and download the content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to Annex content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
DISA releases the Mirantis Kubernetes Engine Security Technical Implementation Guide
The Defense Information Systems Agency recently approved the Mirantis Kubernetes Engine Security Technical Implementation Guide (STIG), which is effective immediately upon release.
Customers who possess a Common Access Card that has valid Department of Defense certificates can obtain the STIG from the DOD Cyber Exchange website at https://cyber.mil/stigs/downloads/. The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads.
Users who are unable to find and download the guide or other content can report their issue to the Cyber Exchange web team at dod.cyberexchange@mail.mil. Individuals who have further questions related to STIG content should email the DISA STIG customer support desk at disa.stig_spt@mail.mil.
PKI/PKE Announcements
New ECA PKI CAs Released
New WCF CAs released
The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.15.
Updated version of InstallRoot
InstallRoot version 5.6 is now available from the PKI/E Tools page. This release includes bug fixes and updates to InstallRoot embedded TAMP messages.
New DoD PKI CAs Released
The latest DoD PKI CA Certificates Bundle (PKCS#7) v5.12 has been updated to include DoD ID/Email CAs 70-73 and DoD SW CAs 74-77. These new CAs should begin production issuance in the second half of 2023.