DISA STIG - Defense Information Systems Agency Security Technical Implementation Guide

Summary

The United States Defense Information Systems Agency (DISA) publishes Security Technical Implementation Guides (STIGs) as cybersecurity guidelines and best practices. STIGs provide a standard configuration baseline for components of information systems owned by the Department of Defense (DoD) and other federal agencies, supporting these systems in satisfying strict security standards.

STIGs contain technical guidance on how to configure software and applications securely. Guides include settings related to least functionality, access control, patch management, encryption, and auditing. They also provide recommendations for mitigating specific vulnerabilities, including reducing the attack surface of systems, and they support satisfying United States Federal Government requirements, such as FIPS-200 and FISMA metrics. DISA works with other DoD entities, industry partners, and cybersecurity experts to develop and maintain these guidelines.

Although STIGs are primarily intended for National Security Systems, they are widely used by other federal agencies, contractors, and even private sector organizations within the United States and internationally to enhance their security practices.

The comprehensive list of STIGs is available from DISA on the DoD Cyber Exchange.

Validated and supported compliance automation profiles are available for the versions listed below. 

Products in Scope

  • Red Hat Enterprise Linux
    • 9
    • 8
    • 7
    • 6
  • Red Hat Ansible Automation Platform
    • 2
  • Red Hat JBoss Enterprise Application Platform
    • 6
    • 5
  • Red Hat OpenShift
    • 4

Meta Data

Products

Red Hat Enterprise Linux
Red Hat Ansible Automation Platform
Red Hat JBoss Enterprise Application Platform
Red Hat OpenShift

Regions

NA

Industries

Public Sector