Using the DoD STIG and SCAP Tool Basic Rundown

Shawn
**UPDATE for 2023**
The NSWC Evaluate-STIG Tool automates most of this for you now (including notes in the checklists). It can also be run on Linux, either by installing Ansible and running the playbook using the bash script or by installing PowerShell and running the PowerShell script.

Downloads:
https://spork.navsea.navy.mil/nswc-cr...

NIPR
- Unclassified Content Only
https://spork.navsea.navy.mil/nswc-cr...

- Unclassified and CUI Content (i.e. McAfee ENS local client STIG)
https://intelshare.intelink.gov/sites...



#Most findings are due to a lack of Documentation
Be sure to carefully read the STIG Discussion and Check text. If you do not have the location of the documentation / proof (for the vulnerability), this will be a finding. Ensure your ISSO has all the required documentation so you can provide it during your CCRI.

You can find the STIG files (used with STIG Viewer) and Benchmark files (used with the SCAP tool) here. (You must have a DoD CAC to access; I will not provide you with the tools.)
https://cyber.mil/stigs/downloads/

STIG Viewer:
https://dl.cyber.mil/stigs/zip/U_STIG...

SCAP Tool:
https://dl.cyber.mil/stigs/zip/scc-5....

MAC Classifications (I misspoke in the video, see below)
The United States Department of Defense 8500-series of policies has three defined mission assurance categories that form the basis for availability and integrity requirements. A Mission Assurance Category (MAC) is assigned to all DoD systems. It reflects the importance of an information system for the successful completion of a DoD mission. It also determines the requirements for availability and integrity.
• MAC I systems handle information vital to the operational readiness or effectiveness of deployed or contingency forces. Because the loss of MAC I data would cause severe damage to the successful completion of a DoD mission, MAC I systems must maintain the highest levels of both integrity and availability and use the most rigorous measure of protection.
• MAC II systems handle information important to the support of deployed and contingency forces. The loss of MAC II systems could have a significant negative impact on the success of the mission or operational readiness. The loss of integrity of MAC II data is unacceptable; therefore MAC II systems must maintain the highest level of integrity. The loss of availability of MAC II data can be tolerated only for a short period of time, so MAC II systems must maintain a medium level of availability. MAC II systems require protective measures above industry best practices to ensure adequate integrity and availability of data.
• MAC III systems handle information that is necessary for day-to-day operations, but not directly related to the support of deployed or contingency forces. The loss of MAC III data would not have an immediate impact on the effectiveness of a mission or operational readiness. Since the loss of MAC III data would not have a significant impact on mission effectiveness or operational readiness in the short term, MAC III systems are required to maintain basic levels of integrity and availability. MAC III systems must be protected by measures considered as industry best practices.
Published 6 years ago, on 1397/01/01.
Viewed 76,853 times.