ELI5: What is a STIG?
STIGs are detailed security checklists from the government that tell you exactly how to lock down each type of system. They are like building codes, but for computer security.
Definition
STIGs (Security Technical Implementation Guides) are detailed, prescriptive hardening guides published by the Defense Information Systems Agency (DISA) for use by the U.S. Department of Defense and its contractors. STIGs specify required security configurations for operating systems, applications, network devices, and other IT components used in DoD environments.
Key Details
- Published by DISA for DoD systems; mandatory for federal government contractors working with DoD
- More stringent than CIS Benchmarks in many areas; designed for high-security government environments
- STIGs are organized as checklists with individual rules rated as Category I (most critical), II, or III
- STIG Viewer is the official tool for reviewing and tracking STIG compliance
- Available for Windows, Linux, macOS, network devices, databases, applications, and web servers
Connections
- Parent: hardening — STIGs are the definitive hardening standard for DoD and government environments
- See also: cis-benchmarks