Security Technical Implementation Guide
From Wikipedia, the free encyclopedia
A Security Technical Implementation Guide (STIG) is a methodology for the standardized secure installation and maintenance of computer software and hardware. The term was coined by DISA, which creates configuration documents in support of the United States Department of Defense (DoD). The implementation guidelines include recommended administrative processes and span the lifecycle of the device.
An example where STIGs are beneficial is the configuration of a desktop computer. Most operating systems ship in a state that is usable in a wide range of environments, which leaves them open to being taken over by malicious people, such as hackers. A STIG therefore describes what must be done to minimize network-based attacks and to stop system access by a hacker who is physically next to the device. Lastly, a STIG may also describe the processes and lifecycle for maintenance (such as software updates and vulnerability patching).
More advanced examples include the creation of STIGs for the design of a corporate network. A corporate network may consist of thousands of network devices and servers that control the flow of information. For the network to be both efficient and secure, STIGs may be used to define a common configuration for each device type (such as routers, firewalls, domain name servers, and switches). When a structure is this complex, it may even be beneficial to devise a STIG for the common network structures found within the company (such as campus, remote site, and partner site requirements). Common STIGs are often the glue that binds related STIGs created by system administrators into groups, and they also address the security policies set by upper management.
Ultimately, STIGs are used to maintain the confidentiality, integrity, and availability of an information system and are an important part of configuration management for the system.
Resources
- NIST Security Configuration Checklists Repository
- Security Technical Implementation Guides and Supporting Documents in the Public Area
Tools
- DoD General Purpose STIG, Checklist, and Tool Compilation CD
- Urs+Nahum's Security Checklist for SMEs