
DISA STIG Compliance

DISA STIG Support 

Cavirin DISA Security Technical Implementation Guide (STIG) support provides several new security baselines for assessing and securing mission-critical and several value-adds to DISA STIG assessments that ease implementation and usability. These include browsing, as well as assessment and reporting.

DISA STIG - Browsing

DISA does not provide an easy-to-navigate mechanism for browsing the STIGs, requiring the user to work with XML and stylesheets. The Cavirin platform provides several enhancements:

Consolidation – The platform’s policy browser provides a consolidated view of the STIGs. All profiles are listed, and the operator may choose any profile to find out what policies are contained in each of them.

Classification – The security policies within the DISA STIGs are not categorized into control families at the source. Cavirin takes the additional step of categorizing the security policies under their respective control families, permitting the operator to pick and choose the relevant control family. The browser also permits expansion of a selected control family, describing individual tests.

Policy Details and Formatting – DISA STIGs do not provide any formatting to make it easy to read and differentiate text and code. Also, DISA SCAP content does not include details such as rationale, audit, or policy details. The Cavirin Platform combines SCAP and STIGs to present not only assessment status but also policy details: Rationale, Audit steps and Remediation Procedure. Also, each policy is well formatted to ease understanding of the desired actions.

DISA STIG - Assessment and Reporting

The Cavirin Platform supports all Windows DISA STIGs as well as Red Hat 6. Windows DISA STIGs are segregated into 3 major device types –

  1. Domain Controllers,
  2. Member Servers and
  3. Workstations

The platform eliminates complexity by allowing the operator to discover the organization’s target machines and then create asset group(s). During an assessment, one may choose an asset group and the platform automatically applies the suitable STIG based on the device type and the chosen profile. This eliminates the need to filter domain controllers from member servers or workstations.

Once the assessment is complete, the platform presents the rolled-up risk score at the asset group level. It is a combined score of multiple resources (machines) in an asset group.
The report shows risk scores segregated at the control family level. It also shows a breakdown of low, medium and high severities as per DISA STIGs.
 


© 2018 Cavirin Systems, Inc. All rights reserved.