StudyDaddy Article Writing Security Technical Implementation Guides (STIGs) are developed by the Defense Information Systems Agency (DISA) in conjunction with the National Security Agency (NSA) and the National Institute of Sta

Security Technical Implementation Guides (STIGs) are developed by the Defense Information Systems Agency (DISA) in conjunction with the National Security Agency (NSA) and the National Institute of Sta

Security Technical Implementation Guide (STIG) Lab

Class: CYB.6010

Name:

Date:

Security Technical Implementation Guides (STIGs) are developed by the Defense Information Systems Agency (DISA) in conjunction with the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST). STIGs are used to harden information technology resources such as routers, databases, networks, software development, and other related technologies. STIGs are delivered in SCAP-compliant XML formats for use by SCAP-compliant tools such as Nessus. STIGs are able to be manually examined by using the STIG Viewer. Being able to manually step through a STIG is especially important for uniquely sensitive systems that do not respond well to the use of automated tools.

  1. Let’s visit the Information Assurance Support Environment (IASE). Go to: http://iase.disa.mil/stigs/Pages/index.aspx

  1. Click on “STIG Viewing Guidance”. Security Technical Implementation Guides (STIGs) are developed by the Defense Information Systems Agency (DISA) in conjunction with the National Security Agency (NSA) and the National Institute of Sta 1


  1. Click on “STIG Viewer Version 2.6.1.” and download and follow the instructions to run.


  1. Return to the IASE website and click on “STIGs Master List (A to Z)”. This is a list of all of the STIGs available. Notice there are STIGs for all technologies.Security Technical Implementation Guides (STIGs) are developed by the Defense Information Systems Agency (DISA) in conjunction with the National Security Agency (NSA) and the National Institute of Sta 2


  1. Click on “Apache 2.2 STIG-UNIX - Version 1, Release 9”.


  1. Open the folder “u_apache_2.2_unix_v1r9_stigs.zip” and then open the folder “U_APACHE_2.2_SERVER_UNIX_V1R9_MANUAL_STIG.zip”


  1. Copy the file “U_APACHE_2.2_SERVER_UNIX_V1R9_manual-xccdf” to your desktop.


  1. Open the STIG Viewer. Please provide the STIG Viewer screenshot.


  1. Go to “File-Import STIG” and import the file you just saved to your desktop.


  1. Notice how you are able to step through and read each configuration. You are able to make notes. Please provide the STIG Viewer screenshot.


  1. Look for STIG ID “WG400 A22 – WG400”.

What is the Rule Title?


  1. Look for STIG ID “WG250 A22 – WG250”.

What is the Rule Title?


  1. Look for STIG ID “WG237 A22 – WG237”.

What is the Rule Title?

  1. What controls for NIST 800-53 do Questions 1, 12, and 13 above meet?


As you can see, performing these checks manually is possible. Using SCAP-compliant automated tools such as Nessus is much easier but if it’s not applicable you may perform these checks and configurations on your own.

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!