General Cyber Exchange Announcements

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60 days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements. Click here to learn more about McAfee’s corporate Work from Home program.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

DISA Posts Files to Test New STIG Group and Rule IDs

As noted in a recent news announcement, to provide increased flexibility for the future, DISA is updating the systems that produce Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). The initial modification will be to change Group and Rule IDs (Vul and Subvul IDs). The previous Group and Rule IDs will be retained through the update as “legacy” IDs, presented as XCCDF ident elements. See the example below:

<Group id="V-204392">
    <title>SRG-OS-000257-GPOS-00098</title>
    <description>…</description>
    <Rule id="SV-204392r85825_rule" weight="10.0" severity="high">
      <version>RHEL-07-010010</version>
      <title>The Red Hat Enterprise Linux operating system must be configured so that the 
      file permissions, ownership, and group membership of system files and commands match 
      the vendor values.</title>
      <description>…</description>
      <reference>…</reference>
      <ident system="http://cyber.mil/legacy">SV-86473</ident>
      <ident system="http://cyber.mil/legacy">V-71849</ident>
      <ident system="http://cyber.mil/cci">CCI-001494</ident>
      <ident system="http://cyber.mil/cci">CCI-001496</ident>
      <ident system="http://cyber.mil/cci">CCI-002165</ident>
      <ident system="http://cyber.mil/cci">CCI-002235</ident>
    </Rule>
</Group>

These updates will necessitate a new version number for every STIG as it is converted to the new format. For example, if the old version/release of a STIG is V2R6, the updated version/release will be V3R1.

DISA has posted two manual STIGs (Windows Server 2019 and Red Hat Enterprise Linux 7) on DoD Cyber Exchange in the new format for review and testing, along with associated automated benchmarks. A new XSL stylesheet is included in the STIGs to handle the “legacy” identifiers. The next release of STIG Viewer will also be able to handle the “legacy” identifiers.

The STIG files each include a spreadsheet that maps the legacy Group ID, legacy Rule ID, and STIG ID to the new Rule ID.

To review the new format, go to https://public.cyber.mil/stigs/downloads/ and search for the following items:

  • Microsoft Windows Server 2019 TEST STIG – Ver 2, Rel 0.3
  • Microsoft Windows Server 2019 TEST STIG Benchmark – Ver 2, Rel 0.3
  • Red Hat Enterprise Linux 7 TEST STIG – Ver 3, Rel 0.3
  • Red Hat Enterprise Linux 7 TEST STIG Benchmark – Ver 3, Rel 0.3

If you have any comments after reviewing these samples, please email them to disa.stig_spt@mail.mil and note in the subject line STIG Testing Comments.

Microsoft Extends Windows 10, 1709, End of Life to 10/13/2020

Microsoft has announced the extension of Windows 10, version 1709, end of life to 13 October 2020. DISA will be updating the Windows 10 STIG with this information.

For more details, visit https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revised-end-of-service-date-for-windows-10-version-1709-october/ba-p/1239043.

DISA Has Released the Oracle Linux 7 STIG, V1R1

DISA has released the Oracle Linux 7 Security Technical Implementation Guide (STIG), Version 1, Release 1. The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

Request for Comments: DISA Has Released the Draft Splunk Enterprise 7.x STIG for Review

DISA has released the Draft Splunk Enterprise 7.x Security Technical Implementation Guide (STIG) for review.
Customers who have a CAC with DoD Certificates can submit comments, recommended changes, and/or additions to the draft Splunk Enterprise 7.x STIG by 06 March 2020 on the Comment Matrix spreadsheet, located with the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC with DoD Certificates, the Comment Matrix spreadsheet is located with the STIG at https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email.

DISA Has Released the BlackBerry UEM 12.11 STIG

DISA has released the BlackBerry UEM 12.11 Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

DISA Announces Changes to STIG Vulnerability Identifiers

In order to provide increased flexibility for the future, DISA is updating the systems that produce Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). The initial modification is changing Group and Rule IDs (Vul and Subvul IDs). The previous Group and Rule IDs will be retained through the update as “legacy” IDs, presented as XCCDF ident elements. See the example below:

<Group id="V-204392">
   <title>SRG-OS-000257-GPOS-00098</title>
   <description>…</description>
   <Rule id="SV-204392r85825_rule" weight="10.0" severity="high">
      <version>RHEL-07-010010</version>
      <title>The Red Hat Enterprise Linux operating system must be 
      configured so that the file permissions, ownership, and group membership 
      of system files and commands match the vendor values.</title>
      <description>…</description>
      <reference>…</reference>
      <ident system="http://cyber.mil/legacy">SV-86473</ident>
      <ident system="http://cyber.mil/legacy">V-71849</ident>
      <ident system="http://cyber.mil/cci">CCI-001494</ident>
      <ident system="http://cyber.mil/cci">CCI-001496</ident>
      <ident system="http://cyber.mil/cci">CCI-002165</ident>
      <ident system="http://cyber.mil/cci">CCI-002235</ident>
   </Rule>
</Group>

These updates will necessitate a new version number for every STIG as it is converted to the new format. For example, if the old version/release of a STIG is V2R6, the updated version/release will be V3R1.

DISA will make two manual STIGs (Microsoft Windows Server 2019 and Red Hat Enterprise Linux 7) available in the new format, along with associated automated benchmarks. A new XSL stylesheet is included to handle the “legacy” identifiers. The next release of STIG Viewer will also be able to handle the “legacy” identifiers.
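The legacy identifiers described in both announcements above can be read straight from the XCCDF, which lets existing scan results, POA&Ms, or waivers keyed on old V-/SV- numbers be re-pointed at the new Rule IDs. The following is an added example, not DISA's code: the function names are hypothetical, and the sample is the page's fragment abridged and closed so that it parses.

```python
import xml.etree.ElementTree as ET

LEGACY_SYSTEM = "http://cyber.mil/legacy"  # ident system values as shown on the page
CCI_SYSTEM = "http://cyber.mil/cci"

# Constructed sample: the page's fragment, abridged and closed so it is well-formed.
SAMPLE_XCCDF = """<Group id="V-204392">
  <Rule id="SV-204392r85825_rule" weight="10.0" severity="high">
    <version>RHEL-07-010010</version>
    <ident system="http://cyber.mil/legacy">SV-86473</ident>
    <ident system="http://cyber.mil/legacy">V-71849</ident>
    <ident system="http://cyber.mil/cci">CCI-001494</ident>
    <ident system="http://cyber.mil/cci">CCI-001496</ident>
  </Rule>
</Group>"""


def local(tag):
    """Strip an XML namespace so namespaced and bare XCCDF both match."""
    return tag.rsplit("}", 1)[-1]


def parse_rules(xccdf_text):
    """Return one record per Rule: new IDs, STIG ID, legacy IDs and CCIs."""
    records = []
    for group in ET.fromstring(xccdf_text).iter():
        if local(group.tag) != "Group":
            continue
        for rule in group:
            if local(rule.tag) != "Rule":
                continue
            rec = {"group_id": group.get("id"), "rule_id": rule.get("id"),
                   "severity": rule.get("severity"), "stig_id": None,
                   "legacy": [], "cci": []}
            for child in rule:
                name, text = local(child.tag), (child.text or "").strip()
                if name == "version":
                    rec["stig_id"] = text
                elif name == "ident" and child.get("system") == LEGACY_SYSTEM:
                    rec["legacy"].append(text)
                elif name == "ident" and child.get("system") == CCI_SYSTEM:
                    rec["cci"].append(text)
            records.append(rec)
    return records


def legacy_index(records):
    """Map each legacy V-/SV- ID to the record of the rule that replaced it."""
    return {old: rec for rec in records for old in rec["legacy"]}
```

Looking up a legacy ID such as `V-71849` in the index returns the record carrying the new Group ID, new Rule ID, and STIG ID, the same columns the mapping spreadsheet shipped with the test STIGs provides.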

Group Policy Objects (GPOs) Have Been Updated for January 2020

Group Policy Objects (GPOs) have been updated for January 2020. See the Change Log document included in the zip file for additional information.

DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment.

The GPOs can be found on the Cyber Exchange website on the Group Policy Objects tab located at https://public.cyber.mil/stigs/gpo/.

List of GPOs currently in the package:

Adobe Acrobat Pro DC Classic
Adobe Acrobat Pro DC Continuous
Google Chrome
Internet Explorer 11
Office System 2013 and Components
Office System 2016 and Components
Windows 8 and 8.1
Windows 10
Windows Defender Antivirus
Windows Firewall
Windows Server 2012 R2 MS
Windows Server 2012 R2 DC

DISA has released updates to the SRG/STIG Library Compilations

These updates include the latest quarterly SRG/STIG update and newly released SRGs and STIGs published since the last quarterly update.

PKI/PKE Announcements

New WCF CAs released - Certificate Bundle v5.8

The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.8.