SRGs and STIGs Training

Version: 1.0 Length: 0.5 Hours

This presentation defines Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) and explains how these documents provide mandatory guidance for cyber security configuration practitioners and software developers. The course describes how SRGs provide general security compliance guidelines and serve as the source guidance documents for STIGs. STIGs document the applicable DoD policies and security requirements for specific technical products, as well as best practices and configuration guidelines. The training discusses the four Core SRGs, which are the highest-level SRGs and provide general security guidelines for operating systems, network infrastructure, applications, and non-technical policy controls. Core SRGs contain all security requirements for their specific technology and policy areas. Technology SRGs are subordinate to the Core SRGs: they do not refer to a specific product or product version, but contain all requirements that have been flagged as applicable from the parent-level Core SRGs. The Technology SRGs, in turn, provide the basis for product-specific STIGs. The training concludes by describing how SRGs and STIGs are developed, what role the STIG Community has in their development, and how users may join the STIG Community and participate in SRG and STIG development.