How to Apply DISA STIGs

Table of Contents

• Downloading the DISA STIG Library
• Downloading the DISA SCAP Compliance Checker (SCC) Tool
• Downloading the DISA STIG Viewer Tool
• Using the DISA SCC Tool
• Applying DISA STIGs
• Reviewing DISA SCC Scan Results Using the DISA STIG Viewer
• References

Notes

• Security controls are applied to DoD Information Systems based on their MAC (Mission Assurance Category)
• You can apply DISA STIGs manually to achieve a trusted baseline
• Alternatively, you can use the SHB is used to automatically apply some DISA STIGs
• SCAP is used to automatically check if you’re within compliance
• Nessus supports SCAP files (which means you can use Nessus to check machines for baseline compliance)

References

• DoDI 8580.1 - Information Assurance (IA) in the Defense Acquisition System
• STIG Report (by MAC)
• nsacyber GitHub - Windows Secure Host Baseline
• DISA SRG / STIG Library Compilations
• DISA STIG Viewer Tool
• DISA SCAP Compliance Checker