STIG 101: The Basics
What are STIGs?
As we speak, there are as many as 10,000 vulnerabilities in your system that, if not secured, could be a gateway to phishing, hacking or malware. This is why the Defense Information Systems Agency (DISA) created Security Technical Implementation Guides (STIGs). STIGs encompass a standardized and customizable set of rules for installing, supporting, running, and securing systems in the government against cyberattack.
STIGs are critical to protecting our most sensitive data. They are updated quarterly with known and emerging vulnerabilities in mind. Throughout the DoD and other agencies—such as TSA and the DoJ—they are a mandated part of securing and maintaining systems and devices.
How did STIGs come about?
STIGs are created and maintained by DISA, an agency of the DoD. A government study was conducted to determine whether government systems were being implemented securely and whether there was consistency across agencies.
The result of the study was a recognized need to create rules, identify best practices and provide guidance around the technical aspects of organizing, delivering, and managing defense-related information. This encompasses not just rules around system implementation and maintenance, but also the human behaviors that frequently result in breaches. Those rules, also known as controls, are what make up the Security Technical Implementation Guides that we call STIGs.
What all gets STIGged in a system?
As you can imagine, commercial applications are not created to align with internal DoD mandates. The operating systems, routers, printers, apps—the elements that make up modern systems—all need to go through the STIG process before they are secure enough to be used in government systems.
DISA lists over 10,000 controls that need to be STIGged to meet mandates. Then, 90 days later, you need to do it again when updates come out. Whether you run a small network managed by just one expert or a larger organization with a team of dozens, it is an overwhelming effort. There are not enough experts in the workforce to do the work easily and efficiently.
But STIGs are a vital factor in our nation’s cybersecurity. And, mandated or not, government or not, organizations look to STIGs as the gold standard. This level of security is becoming more accessible, both inside the government and out, with the help of automation solutions that do the work in hours, not weeks and months.
Are STIGs right for me?
STIGs are both incredibly important and incredibly intricate. On the one hand, they are a lot of work. On the other, they are very effective in keeping data secure.
To learn more about what STIGs can do for your cybersecurity, download SteelCloud’s STIGs For Dummies eBook, a definitive guide from the minds of SteelCloud’s most seasoned subject matter experts. Then, if you want to see how to make short work of a long process, schedule a demo of our STIG automation solution, ConfigOS.