STIG

Definition

Security Technical Implementation Guides (STIGs) are a set of cybersecurity requirements developed by the United States Department of Defense (DoD) to enhance the security posture of information systems. They provide detailed guidance on securing various software, hardware, and network components by outlining specific configuration settings and practices. STIGs are used to ensure systems are compliant with DoD security policies and help mitigate vulnerabilities by enforcing standardized security controls.

Secure Settings Example

# Example of a secure SSH configuration following STIG guidelines
Port 22
# Only SSH protocol version 2; version 1 has known cryptographic weaknesses
# (recent OpenSSH releases speak only version 2 and treat this directive as deprecated)
Protocol 2
# Administrators log in as a named user and escalate, preserving accountability
PermitRootLogin no
# Key-based authentication only; no password or challenge-response logins
PasswordAuthentication no
ChallengeResponseAuthentication no
# Keep PAM so account lockout, expiry and session policies still apply
UsePAM yes
# Do not let the server be used as a tunnel into other hosts or displays
AllowTcpForwarding no
X11Forwarding no

Insecure Settings Example

# Example of an insecure SSH configuration
Port 22
# Protocol 1 is cryptographically broken and no longer supported by modern sshd
Protocol 1
# Direct root logins remove per-user accountability and expose a well-known account to guessing
PermitRootLogin yes
# Password and challenge-response logins are exposed to credential guessing and reuse
PasswordAuthentication yes
ChallengeResponseAuthentication yes
# Bypasses PAM-enforced lockout, expiry and session policy
UsePAM no
# Any authenticated user can relay traffic or X11 sessions through the host
AllowTcpForwarding yes
X11Forwarding yes
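A STIG is only useful if compliance is actually checked. The following script, an added example that is not part of the original page or of any DISA tooling, audits an sshd_config text against the secure settings listed above. The baseline values come from the secure example; the function names and the sample configurations embedded in the script are constructed for illustration. It reproduces two sshd parsing rules that a naive grep gets wrong: the first occurrence of a keyword is the effective one (later duplicates are ignored), and anything after a Match line is conditional rather than global.

```python
"""Audit an sshd_config against the STIG-style SSH baseline shown above.

Added example, not part of the original page. Baseline values are taken
from the page's secure settings; helper names and the sample configs below
are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Expected global values, keyed by keyword in lower case (sshd keywords are
# case-insensitive). Values are also compared case-insensitively.
BASELINE: Dict[str, str] = {
    "protocol": "2",
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "usepam": "yes",
    "allowtcpforwarding": "no",
    "x11forwarding": "no",
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective global value for each keyword.

    Mirrors two sshd behaviours:
    - the FIRST occurrence of a keyword wins; later duplicates are ignored;
    - everything after a 'Match' line is conditional and is not the
      global setting, so parsing stops there.
    """
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        # keyword and value may be separated by whitespace or '='
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # remainder applies only to matching users/hosts
        effective.setdefault(keyword, value)  # first occurrence wins
    return effective


def audit(text: str, baseline: Dict[str, str] = BASELINE) -> List[Tuple[str, str, str]]:
    """Return (keyword, expected, actual) for every deviation from baseline.

    A keyword that is not set at all is reported as '<unset>': the
    compiled-in default can differ between OpenSSH versions, so an auditor
    should require the value to be stated explicitly.
    """
    effective = parse_sshd_config(text)
    findings: List[Tuple[str, str, str]] = []
    for keyword, expected in baseline.items():
        actual = effective.get(keyword, "<unset>")
        if actual.lower() != expected.lower():
            findings.append((keyword, expected, actual))
    return findings


# Constructed sample inputs: the page's two examples, plus a config that
# looks compliant on a last-match grep but is not under sshd's rules.
SECURE_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AllowTcpForwarding no
X11Forwarding no
"""

INSECURE_CONFIG = """\
Port 22
Protocol 1
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM no
AllowTcpForwarding yes
X11Forwarding yes
"""

TRICKY_CONFIG = """\
Protocol 2
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AllowTcpForwarding no
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("secure", SECURE_CONFIG), ("insecure", INSECURE_CONFIG),
                      ("tricky", TRICKY_CONFIG)):
        findings = audit(cfg)
        status = "PASS" if not findings else f"FAIL ({len(findings)} findings)"
        print(f"{name}: {status}")
        for keyword, expected, actual in findings:
            print(f"  {keyword}: expected {expected!r}, found {actual!r}")
```

Run against a live host with `audit(open("/etc/ssh/sshd_config").read())`. The tricky sample passes a "last value" grep but fails here, because sshd honours the first PermitRootLogin line; the PasswordAuthentication yes inside the Match block is correctly ignored as non-global.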