General Cyber Exchange Announcements

Supplemental Automation Content has been updated for July 2020

This content leverages Configuration Management tools to enforce STIG requirements. These tools allow for customization and use a STIG-centric approach.

The Supplemental Automation Content can be found on the Cyber Exchange website on the Supplemental Automation Content tab located at:
https://cyber.mil/stigs/supplemental-automation-content/

For users who do not have a CAC that has DoD Certificates, the Supplemental Automation Content is also available from:
https://public.cyber.mil/stigs/supplemental-automation-content/

McAfee Home Use Solutions

McAfee has announced a “Work from Home (WFH)” program that provides free access to their Total Protection solution for 60-days. Under McAfee WFH, anyone can download their premier anti-virus and secure virtual private networking solutions to better protect their systems in response to the heightened mission need to support telework requirements. Click here to learn more about McAfee’s corporate Work from Home program.

The DoD Home Use program provides an annual subscription to McAfee’s Internet Security product for approved DoD employees via this website: https://www.disa.mil/Cybersecurity/Network-Defense/Antivirus/Home-Use.

SRGs/STIGs Announcements

Request for Comments - DISA Has Released the Draft Cisco ASA STIG for Review

DISA has released the Draft Cisco ASA Security Technical Implementation Guide (STIG) for review.

Customers who have a CAC with DoD Certificates can submit comments, recommended changes, and/or additions to the draft STIG by 27 January 2021 on the Comment Matrix spreadsheet, located with the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC with DoD Certificates, the Comment Matrix spreadsheet is located with the STIG at https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email.

Request for Comments - DISA Has Released the Draft RHEL 8 STIG SCAP Benchmark for Review

DISA has released the Draft Red Hat Enterprise Linux (RHEL) 8 Security Technical Implementation Guide (STIG) SCAP Benchmark for review.

Customers who have a CAC with DoD Certificates can submit comments, recommended changes, and/or additions to the draft benchmark by 21 January 2021 on the Comment Matrix spreadsheet, located with the benchmark at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC with DoD Certificates, the Comment Matrix spreadsheet is located with the benchmark at https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the benchmark in the subject line of your email.

STIG Update - DISA Has Released the Forescout STIG

DISA has released the Forescout Security Technical Implementation Guide (STIG), which consists of the Forescout Network Access Control STIG and the Forescout Network Device Management STIG. The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

STIG Update - DISA Has Released the Red Hat Enterprise Linux 8 STIG

DISA has released the Red Hat Enterprise Linux 8 Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

STIG Update - DISA Has Released the Crunchy Data PostgreSQL STIG

DISA has released the Crunchy Data PostgreSQL Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

STIG Update - DISA Has Released the Unified Endpoint Management SRG

DISA has released the Unified Endpoint Management Security Requirements Guide (SRG). The requirements of the SRG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the SRG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the SRG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

DISA has released the Samsung Android 11 with Knox 3.x Security Technical Implementation Guide (STIG)

The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Request for Comments - DISA Has Released the Draft Kubernetes STIG for Review

DISA has released the Draft Kubernetes Security Technical Implementation Guide (STIG) for review.

Customers who have a CAC with DoD Certificates can submit comments, recommended changes, and/or additions to the draft STIG by 11 January 2021 on the Comment Matrix spreadsheet, located with the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC with DoD Certificates, the Comment Matrix spreadsheet is located with the STIG at https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the STIG in the subject line of your email.

STIG Update - DISA Has Released the Apple macOS 11 STIG

DISA has released the Apple macOS 11 Security Technical Implementation Guide (STIG). The requirements of the STIG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the STIG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

STIG Update - DISA Has Released Latest STIG Applicability Guides

DISA has released the latest STIG Applicability Guides for Linux, Mac, and Windows. The purpose of this tool is to assist the SRG/STIG user community in determining what SRGs and/or STIGs apply to a particular situation or information system and to create a fully formatted document containing a “collection” of SRGs and STIGs applicable to the situation being addressed.

The SRG/STIG Applicability Guide is updated periodically to address the most recent new SRG/STIG releases and sunset products.

Customers who have a CAC that has DoD Certificates can obtain the files at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the files are also available from https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberx@mail.mil. For all questions related to the guide content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

STIG Update - DISA Has Released the Container Platform SRG

DISA has released the Container Platform Security Requirements Guide (SRG). The requirements of the SRG become effective immediately.

Customers who have a CAC that has DoD Certificates can obtain the SRG at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the SRG is also available from https://public.cyber.mil/stigs/downloads/.

If you are unable to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the SRG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

STIG Update - DISA Has Released Microsoft Windows STIG and GPO updates

DISA has released the following out-of-cycle Security Technical Implementation Guide (STIG) and benchmark updates:

Microsoft Windows 10 STIG – Ver 2, Rel 1
Microsoft Windows 2012 and 2012 R2 DC STIG- Ver 3, Rel 1
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 3, Rel 1
Microsoft Windows Defender Antivirus STIG – Ver 2, Rel 1
Microsoft Windows Server 2016 STIG – Ver 2, Rel 1
Microsoft Windows Server 2019 STIG – Ver 2, Rel 1
Microsoft OneDrive STIG – Ver 2, Rel 1

Microsoft Windows 10 STIG Benchmark – Ver 2, Rel 1
Microsoft Windows Defender Antivirus STIG Benchmark – Ver 2, Rel 1
Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark – Ver 3, Rel 1
Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark – Ver 3, Rel 1
Microsoft Windows Server 2016 STIG Benchmark – Ver 2, Rel 1
Microsoft Windows Server 2019 STIG Benchmark – Ver 2, Rel 1

The requirements of the STIGs become effective immediately.

Revised Group Policy Objects have also been posted.

Customers who have a CAC that has DoD Certificates can obtain the files at https://cyber.mil/stigs/downloads/.

For those who do not have a CAC that has DoD Certificates, the files are also available from https://public.cyber.mil/stigs/downloads/.

If you are not able to find and download the content, please report broken link issues to the DoD Cyber Exchange Web team at dod.cyberexchange@mail.mil. For all questions related to the STIG content, please contact the DISA STIG Customer Support Desk at disa.stig_spt@mail.mil.

PKI/PKE Announcements

New WCF CAs released - Certificate Bundle v5.10

The WCF PKI has recently deployed updated WCF Signing CAs 1-10. These new certificates are now available in the WCF PKI PKCS#7 Certificate Bundle v5.10.