Nothing Found

DISA has released the Draft Splunk Enterprise 7.x Security Technical Implementation Guide (STIG) for review.
Customers who have a CAC with DoD Certificates can submit comments, recommended changes, and/or additions to the draft Splunk Enterprise 7.x STIG by 06 March 2020 on the Comment Matrix spreadsheet, located with the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC with DoD Certificates, the Comment Matrix spreadsheet is located with the STIG at https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email.

In order to provide increased flexibility for the future, DISA is updating the systems that produce Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). The initial modification is changing Group and Rule IDs (Vul and Subvul IDs). The previous Group and Rule IDs will be retained through the update as “legacy” IDs, presented as XCCDF ident elements. See the below example:

<Group id="V-204392">
   <title>SRG-OS-000257-GPOS-00098</title>
   <description>…</description>
   <Rule id="SV-204392r85825_rule" weight="10.0" severity="high">
      <version>RHEL-07-010010</version>
      <title>The Red Hat Enterprise Linux operating system must be 
      configured so that the file permissions, ownership, and group membership 
      of system files and commands match the vendor values.</title>
      <description>…</description>
      <reference>…</reference>
      <ident system="http://cyber.mil/legacy">SV-86473</ident>
      <ident system="http://cyber.mil/legacy">V-71849</ident>
      <ident system="http://cyber.mil/cci">CCI-001494</ident>
      <ident system="http://cyber.mil/cci">CCI-001496</ident>
      <ident system="http://cyber.mil/cci">CCI-002165</ident>
      <ident system="http://cyber.mil/cci">CCI-002235</ident>

These updates will necessitate a new version number for every STIG as it is converted to the new format. For example, if the old version/release of a STIG is V2R6, the updated version/release will be V3R1.

DISA will make two manual STIGs (Microsoft Windows Server 2019 and Red Hat Enterprise Linux 7) available in the new format, along with associated automated benchmarks. A new XSL stylesheet is included to handle the “legacy” identifiers. The next release of STIG Viewer will also be able to handle the “legacy” identifiers.