Device Hardening and Continuous Compliance Monitoring

DISA STIG/NSA Security Configuration Guides Compliance Checklist Auditing and Monitoring

The NNT STIG Solution - Non-Stop STIG Compliance

As an OVAL Adopter, NNT Change Tracker can ingest SCAP content (XCCDF checklists together with the OVAL definitions they reference) to produce both reporting and monitoring templates for all STIGs and SCGs, as well as for any other SCAP or OVAL checklist, for example the CIS Benchmark checklists.

Compliance audit reports based on the STIG can be generated immediately using either locally installed Change Tracker Agents on the device or using a remote, agentless approach.

Crucially, in addition to delivering a snapshot STIG scan, a non-stop monitoring template can be created from the STIG compliance checklist. This provides continuous, real-time monitoring of STIG compliance, reporting any drift within seconds of a change occurring. System-wide file integrity monitoring can also run continuously, with changes reported in real time to maximize breach-detection awareness.
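The two steps described above (turn an XCCDF checklist into a template, then re-evaluate only the affected rules when a setting changes instead of rescanning everything) can be shown in a few dozen lines. The following is an added example written for this page, not NNT's code: the benchmark XML is a constructed fragment in XCCDF 1.2 layout, and the one-line "setting op expected" stand-in inside each check-content element is an assumption made here in place of the OVAL definition a real STIG rule would reference. The host settings are likewise constructed.

```python
"""Ingest an XCCDF benchmark into a monitoring template and evaluate it.

Added example, not NNT Change Tracker code. The benchmark, its rule IDs and
the host snapshot are constructed; the check-content mini-language is an
assumption standing in for the OVAL definitions real STIG rules reference.
"""
import operator
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
OPS = {"eq": operator.eq, "ne": operator.ne, "ge": operator.ge,
       "le": operator.le, "gt": operator.gt, "lt": operator.lt}

# Constructed XCCDF fragment (not a real DISA STIG).
BENCHMARK_XML = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <title>Demo Windows hardening benchmark</title>
  <Rule id="xccdf_example_rule_min_pwd_len" severity="medium">
    <title>Minimum password length must be at least 14 characters</title>
    <check system="urn:example:simple-check">
      <check-content>MinimumPasswordLength ge 14</check-content>
    </check>
  </Rule>
  <Rule id="xccdf_example_rule_smbv1" severity="high">
    <title>SMBv1 must be disabled</title>
    <check system="urn:example:simple-check">
      <check-content>SMB1 eq 0</check-content>
    </check>
  </Rule>
  <Rule id="xccdf_example_rule_lockout" severity="medium">
    <title>Account lockout threshold must be 3 or fewer attempts</title>
    <check system="urn:example:simple-check">
      <check-content>LockoutBadCount le 3</check-content>
    </check>
  </Rule>
</Benchmark>
"""


def _coerce(value):
    """Expected values are integers where possible, otherwise raw strings."""
    try:
        return int(value)
    except ValueError:
        return value


def load_template(xml_text):
    """Parse every <Rule> into a monitoring-template entry."""
    root = ET.fromstring(xml_text)
    template = []
    for rule in root.iterfind(".//x:Rule", NS):
        content = rule.findtext("x:check/x:check-content", default="", namespaces=NS)
        setting, op, expected = content.split()
        template.append({
            "id": rule.get("id"),
            "severity": rule.get("severity"),
            "title": rule.findtext("x:title", default="", namespaces=NS),
            "setting": setting,
            "op": op,
            "expected": _coerce(expected),
        })
    return template


def evaluate(template, host_state, only=None):
    """Return {rule_id: pass|fail|notchecked}; `only` restricts to a set of rule IDs."""
    results = {}
    for rule in template:
        if only is not None and rule["id"] not in only:
            continue
        actual = host_state.get(rule["setting"])
        if actual is None:
            results[rule["id"]] = "notchecked"
        else:
            ok = OPS[rule["op"]](actual, rule["expected"])
            results[rule["id"]] = "pass" if ok else "fail"
    return results


def rules_for_setting(template, setting):
    """Rules that must be re-evaluated when `setting` changes (no full rescan)."""
    return {r["id"] for r in template if r["setting"] == setting}


def drift(before, after):
    """(rule_id, old_result, new_result) for every rule whose result changed."""
    return [(rid, before.get(rid), after[rid]) for rid in after if before.get(rid) != after[rid]]


def demo():
    template = load_template(BENCHMARK_XML)
    # Constructed host snapshot: lockout threshold already out of compliance.
    host = {"MinimumPasswordLength": 14, "SMB1": 0, "LockoutBadCount": 5}
    baseline = evaluate(template, host)
    # A change notification arrives for SMB1: re-check only the rules that use it.
    host["SMB1"] = 1
    current = dict(baseline)
    current.update(evaluate(template, host, only=rules_for_setting(template, "SMB1")))
    return baseline, drift(baseline, current)


if __name__ == "__main__":
    base, changes = demo()
    print(base)     # lockout rule fails in the baseline
    print(changes)  # [('xccdf_example_rule_smbv1', 'pass', 'fail')]
```

The point of `rules_for_setting` is the cost model: a snapshot scanner re-evaluates every rule on every run, whereas an event-driven monitor re-evaluates only the rules bound to the setting that changed and reports the drift as a state transition keyed to the STIG rule ID.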

» Find out why NNT Change Tracker is the Number One Tripwire alternative for continuous DISA STIG compliance assessment

(Note: a periodically scheduled scan option is also available, using either agent or agentless technology, to detect configuration drift or host intrusion.)

DISA STIG Backgrounder

In accordance with DoD directives on IA-enabled IT devices (such as DoDD 8500.1), DISA publishes security configuration guidelines known as Security Technical Implementation Guides (STIGs), and the NSA publishes the complementary Security Configuration Guides (SCGs), both under the Defense IA program.

The intent of DoDD 8500.1 is as follows:

"All DoD information systems shall maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability that reflect a balance among the importance and sensitivity of the information and information assets; documented threats and vulnerabilities; the trustworthiness of users and interconnecting systems; the impact of impairment or destruction to the DoD information system; and cost effectiveness."

In other words, all DoD information systems must be hardened.

The breadth and depth of STIG content provides comprehensive guidance for preventing security breaches through vulnerability mitigation. STIG checklists are provided in SCAP format (XCCDF benchmarks), and a full list of STIGs is available from the Information Assurance Support Environment at

Various vulnerability scanners can be used to assess compliance with a STIG, including the SCAP Compliance Checker (SCC) developed by the Space and Naval Warfare (SPAWAR) Systems Center Atlantic. However, all scanning solutions share the same limitation: scan results are only valid at the moment of scanning. Detecting any drift from the STIG requires a new full scan of all settings, which is both time- and resource-intensive.

Furthermore, scanning for compliance with a STIG gives only one measure of security. Detecting changes to system files requires a broader file integrity monitoring operation, which is an even more time- and resource-expensive function for a scanner to perform (and most STIG scanning solutions do not offer this type of FIM test at all).
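The file integrity monitoring the paragraph above contrasts with periodic scanning comes down to a hash baseline plus two ways of comparing against it: a full re-walk (what a scanner does) and a per-file re-hash triggered by a change notification (what a continuous monitor does). The following is an added example written for this page, not NNT's code; the directory layout and file contents are constructed inside a temporary directory so it runs offline, and the file names are arbitrary.

```python
"""File integrity monitoring: hash baseline, full rescan, and event-driven check.

Added example, not NNT Change Tracker code. The file tree built in demo() is
constructed for illustration; path names are arbitrary.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Full walk: {relative POSIX path: sha256} for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Scanner-style diff between two full snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def check_event(baseline, root, relpath):
    """Event-driven path: re-hash only the file named by a change notification."""
    p = Path(root) / relpath
    if not p.exists():
        return "removed" if relpath in baseline else "unchanged"
    if relpath not in baseline:
        return "added"
    return "modified" if sha256_file(p) != baseline[relpath] else "unchanged"


def demo():
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed baseline tree.
        (root / "bin").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"original binary\n")
        (root / "config.ini").write_text("AuditPolicy=Enabled\n")
        (root / "stale.log").write_text("old\n")
        baseline = snapshot(root)

        # Simulated changes after the baseline was taken.
        (root / "bin" / "service.exe").write_bytes(b"tampered binary\n")
        (root / "stale.log").unlink()
        (root / "dropped.dll").write_bytes(b"\x4d\x5a")

        # Continuous monitor: one notification for bin/service.exe, one hash computed.
        event = check_event(baseline, root, "bin/service.exe")
        # Periodic scanner: every file re-hashed to find the same thing plus the rest.
        full = compare(baseline, snapshot(root))
        return event, full


if __name__ == "__main__":
    ev, diff = demo()
    print(ev)    # modified
    print(diff)  # {'added': ['dropped.dll'], 'removed': ['stale.log'], 'modified': ['bin/service.exe']}
```

In a real deployment the notification feeding `check_event` comes from the OS (inotify/fanotify on Linux, USN journal or ReadDirectoryChangesW on Windows); the baseline should be stored off-host or under a separate privilege boundary so an attacker who alters a file cannot also rewrite the hash it is compared against.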

Download the STIG Checklist

pdf U_Windows_2008_R2_MS_V1R14_STIG_Benchmark_NNT.pdf

The Windows Server 2008 R2 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows Server 2008 R2 Security Guide and security templates published by Microsoft Corporation.

Register for a free trial and automate your systems now.


And the number one solution that delivers all the key security and compliance benefits of file integrity monitoring is NNT Change Tracker™

Easiest To Use – Most Fully Featured – Most Affordable
Learn more about NNT Change Tracker here


Harrods: "One of our objectives as an IT Service Delivery Team is to minimize the number of suppliers on our books. We wanted to make sure we got as much of the PCI DSS requirements covered as we could with as few products and suppliers as possible. Working with NNT and Change Tracker was easy; their knowledge and experience of the PCI DSS, coupled with their technology, made this project completely straightforward."
John Dilkes, IT Security Manager, Harrods

USA Offices
New Net Technologies Ltd
9128 Strada Place
Naples, Florida, 34108
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
St Albans


Tel: 08456 585 005
Fax: 08456 122 031