Group Policy Objects (GPOs) provides an infrastructure for centralized configuration management of the Windows operating system and applications that run on the operating system. GPOs are a collection of settings that define what a system will look like and how it will behave for a defined group of computers or users. GPOs are used within Active Directory to configure systems in accordance with Security Technical Implementation Guides (STIGs). Benefits of using GPOs are time and cost saving, centralized location for all configurations, increased productivity, enhanced security and standardization.
This package is to be used to assist administrators implementing STIG settings within their environment. The administrator must fully test GPOs in test environments prior to live production deployments. The GPOs provided contain most applicable GPO STIG settings contained in STIG files.
This package contains ADMX template files, GPO backup exports, GPO reports, and WMI filter exports and STIG Checklist files. It is to provide enterprise administrators the supporting GPOs and related files to aid them in the deployment of GPOs within their enterprise to meet STIG requirements. See the ReadMe.txt file for additional information.
On occasion, publication dates of the DISA Group Policy Objects (GPO) file and DISA STIGs do not coincide. This is attributed to the timing of a quarterly release and out-of-cycle guidance updates, which can occur on an ad hoc basis. When there is a lag between GPO and STIG publication dates, DISA works to minimize this difference to the greatest extent possible so it does not exceed, at maximum, a few weeks.
It must be noted that the Group Policy Objects (GPO) provided should be evaluated in a local, representative test environment before implementation within production environments. The extensive variety of environments makes it impossible to test these GPOs for all potential enterprise Active Directory and software configurations. For most environments, failure to test before implementation may lead to a loss of required functionality.
It is especially important to fully test with all GPOs against all Windows Operating Systems, internet browsers, specific and legacy applications which are targeted by each STIG GPO which are currently used in the environment.