Security Technical Implementation Guides (STIGs) are configuration standards developed by the Defense Information Systems Agency (DISA). They are designed to make device hardware and software as secure as possible, safeguarding the Department of Defense (DoD) IT network and systems.
Compliance with STIGs is a requirement for DoD agencies, or any organization that is a part of the DoD information networks (DoDIN). This includes defense contractors that connect to the DoD network or system.
There are hundreds of STIGs designed for specific software, routers, operating systems and devices. DoD agencies may use off-the-shelf IT products within their network and infrastructure and STIGs ensure these products are as secure as possible, in contrast to the default vendor configurations that may favor usability over security.
Hardening the configuration of IT solutions helps to mitigate vulnerabilities and lower the risk of cybersecurity incidents. The creation of a STIG will also be key to gaining approval for a product to be used within the network. This guide explores DISA STIGs, what they consist of, and an overview of solutions that can help your organization achieve compliance.
100 + NIST 800-53 Templates Available for Download for Cleared Industry
The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.
From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS
With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO. Core services and solutions offered include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.