DISA STIG/NSA Security Configuration Guides Compliance Checklist Auditing and Monitoring
The NNT STIG Solution - Non-Stop STIG Compliance
As an OVAL Adopter, NNT Change Tracker can ingest SCAP and OVAL XCCDF content to produce both reporting and monitoring templates for all STIGs and SCGs, as well as any other SCAP or OVAL checklist, for example, CIS Benchmark Checklists.
Compliance audit reports based on the STIG can be generated immediately using either locally installed Change Tracker Agents on the device or using a remote, agentless approach.
Crucially though, in addition to delivering a snapshot STIG scan, a non-stop monitoring template can be created from the STIG compliance report checklist. This approach provides continuous, real-time monitoring of STIG compliance, reporting any drift within seconds of changes occurring. System-wide file integrity monitoring can also be operated continuously with changes reported in real-time to maximize breach detection awareness.
DISA STIG Reports
For each STIG Benchmark we provide the official manual STIG, which gives detailed guidance for manually auditing and assessing a system for compliance with published STIG configuration settings, together with an example output of an automated NNT Change Tracker Gen7 R2 assessment.
In accordance with DoD directives regarding IA-enabled IT devices (such as DoDD 8500.1), DISA and the NSA, via the Defense IA program, provide security configuration guidelines known as Security Technical Implementation Guides, or STIGs.
Did you know? In May of 2012, the Commander of the US Cyber Command and Director of NSA announced that he believed adoption of the CIS Controls was a good foundation for effective cybersecurity, and that they are an excellent example of how public and private sector organizations can voluntarily come together to improve security. His endorsement was the result of NSA's investment, over the period of a year, of some of its top talent in vetting the CIS Controls to be certain they reflected the actual risks faced by industrial and government systems.