How to install stig viewer Open your favorite web browser, and visit the DISA website. STIG Manager supports DISA checklists distributed as either a Security Technical Implementation Guide (STIG) or a Security Requirements Guide (SRG). Most of my experience is in Windows based environments using Nessus. I had to do the following steps: Open CMD Navigate to the directory STIG Viewer resides Run the following command without the quotes: "java -jar filename. Apr 7, 2022 · The first tool needed to work with STIGs is the STIG Viewer, which is available from the DoD Public Cyber Exchange. I downloaded the files from the DoD Cyber Exchange and set it all up and played around with it according to the YouTube video demonstrations I watched. x-Win64 or STIG Viewer 3. To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help. 17 and STIGS. x and STIG-SRG Applicability Guide. 4. The DOD/DISA STIG Viewer tool provides the capability to view one or more XCCDF (Extensible Configuration Checklist Description Format) formatted STIGs in an easy-to-navigate, human-readable format. When a new archive is released each quarter, the site will be updated. Features OpenRMF ® OSS is the first web-based open source tool allowing you to collaborate on your DoD STIG checklists, DISA / OpenSCAP / Nessus SCAP scans, and Nessus / ACAS patch data, then generate NIST compliance in minutes (or less). aspx Aug 7, 2025 · Online STIG viewerThis website is not created by, run, approved, or endorsed by the U. The DoD/DISA STIG Viewer tool provides the capability to view one or more XCCDF (Extensible Configuration Checklist Description Format) formatted STIGs in an easy-to navigate, human-readable format. Oct 11, 2023 · RHEL 9 is the latest Red Hat operating system to receive a STIG. INTRODUCTION STIG Viewer Version 3. Overview Details Check Text (C-235754 r 960963 _chk) Sep 13, 2024 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. com. But for this tutorial, choose STIG Viewer 2. OpenRMF OSS is the first open source tool to manage your DoD STIG checklists, generate NIST compliance, keep track of your security items that are Open or Not Reviewed, and shrink your timeline to submit for an ATO! May 15, 2025 · Extensions installation must be blocklisted by default. HOWTO: STIG Rocky Linux 8 Fast - Part 1 Terminology Reference DISA - Defense Information Systems Agency RHEL8 - Red Hat Enterprise Linux 8 STIG - Secure Technical Implementation Guide SCAP - Secure Content Automation Protocol DoD - Department of Defense Introduction In this guide we are going to cover how to apply the DISA STIG for RHEL8 for a New Installation of Rocky Linux 8. Nov 12, 2023 · STIG Viewer (Security Technical Implementation Guide Viewer) tool is designed to assist in viewing, searching, and customizing DISA’s Security Technical Implementation Guides (STIGs). Access to Target Systems: Ensure Ansible can connect via SSH or WinRM. The anaconda installer leveraged this content to modify the rocky 8 configuration to implement various controls, install/remove packages, and change the way the OS level mount points work. Following I demonstrate how to import the SCAP scan results to the STIG Viewer. ckl” extension and can be opened and viewed only by using the STIG Viewer. This tutorial is going to show you how to use STIGs (Security Technical Implementation Guides) to identify low, medium and high vulnerabilities and patch them in your Windows Environments. ) Defense Information Systems Agency (DISA). 0, 1. We had to change the settings on our networks to allow local login, remote login, and network login for domain and enterprise admins to fix this. Basically. This video is a comprehensive guide that will help you understand how to use th STIG Viewer The STIG Viewer is a Java-based application that will be used in conjunction with the SCAP Compliance Checker scan results in order to view the compliance status of the system’s security settings. Nov 26, 2024 · Preparing to Automate STIG Compliance Prerequisites for Automation Before diving into automation, ensure the following: Ansible Installed: Install Ansible on your control node. This website is created by open-source software. That gives you an XCCDF XML file you can load into OpenRMF OSS or OpenRMF Professional to quickly get a checklist CKL file to give to your group asking for a DISA Checklist file for RMF, FedRAMP or cyber compliance. If you sign up for the mailing list, you'll be automatically notified about what was updated. 9. Issued To - Issued By - Thumbprint DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477 Administrators should run the Federal Bridge Certification Authority (FBCA) Cross-Certificate Removal Tool once as an administrator and STIGQter is an open-source reimplementation of DISA's STIG Viewer. without SCAP tool results) to conduct a manual audit of information system security controls. The conversion process has begun for XCCDF, to enable STIG consumption by tools where both compliance and configuration remediation can be automated with the addition of OVAL code. This is a very basic video for someone who has never used a DISA STIG or STIG viewer before. Look for Tools that Automate time-intensive Steps in the STIG process DISA STIG Viewer is a Java-based graphical user interface to open content and create checklists for managing the STIG security settings on your system or network. May 14, 2025 · The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency. Click STIG Viewer 3. The checklist files have a “. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. STIG Viewer has got your back. The Get-Stig function queries the StigData and returns a full list. This package contains ADMX template files, GPO backup exports, GPO reports, and WMI filter exports and STIG Checklist files. STIGQter is developed using the Qt framework, and its goal is to more accurately mirror the asset management layout of eMASS. Apr 15, 2025 · However, navigating and referencing these STIGs can often be cumbersome. Want a faster way to determine this. x and describe functionalities from a user perspective. STIGs provide a standard configuration baseline for components of information systems owned by the Department of Defense (DoD) and other federal agencies, supporting these systems in satisfying strict security standards. It is used to generate STIG Checklist files (CKLs) and build finding reports. May 14, 2025 · Install RHEL 9 security patches and updates at the organizationally defined frequency. Please Note - The content contained within this site is taken from the publicly available, UNCLASSIFIED DISA STIG 'zip' archive. I also show you how to create Windows 10 STIG checklist and how to import the SCAP scan results to the STIG Viewer to review and remediate Not Reviewed checks. Download STIG Viewer latest version for Windows free. stig_spt@mail. html file for the evaluation results. 7. Aug 16, 2022 · The DISA STIG for Red Hat Enterprise Linux version 8 (“RHEL 8”) is published on Github. g. Jun 11, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. jar" For me the file name of step three was STIGViewer-2. Sep 16, 2025 · Security Content Automation Protocol (SCAP) Compliance Checker SCC is a SCAP Validated Authenticated Configuration Scanner, with support for SCAP versions 1. Nov 5, 2025 · --check-engine-results \ --stig-viewer=path-to-stig-viewer-report. The future format for STIG publication is XCCDF output. How to apply STIG's to a Server. com Download the ZIP file, unarchive, and install the application. Comments or proposed revisions to this document should be sent via email to the following address: disa. 17 is the latest version at this time of writing. \ To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help. Scroll down to “ SCAP Tools ”, select page 3, and grab “SCC X. Use of the viewer does not Mar 21, 2022 · Sorry about the alphabet soup. Among the various standards and guidelines developed to ensure robust security practices, the Department of Defense (DoD) Security Technical Implementation Guides (STIGs) stand out for their comprehensive and stringent requirements We would like to show you a description here but the site won’t allow us. It is compatible with STIGs developed and published by DISA for the DoD. Result STIG Viewer If you want to import the XCCDF scan results to DISA STIG Viewer but your Rule IDs don’t match the DISA’s ones, you can use the --stig-viewer command-line argument along with a special reference in your Rules to generate XCCDF result files that can be imported by DISA STIG Viewer. Oct 9, 2018 · 2. Tools and Nov 3, 2022 · This article shows how to install the public Cyber Security Tech Implementation Guide (STIG) viewer app. Dec 6, 2023 · Configuring DISA stig RHEL 8 requires both technical knowledge and experience, including understanding what each command does as well. May 5, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. < Go to the original STIG Viewer on macOS A Security Technical Implementation Guide or STIG is a config guide that tells you what configs you need to secure a product. Apr 8, 2022 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. Excluded are Security Readiness Review (SRR) Tools (scripts and OVAL Benchmarks), Group Policy Objects, and draft SRGs and STIGs. Linux users, run the script and it will launch your program by spawning a command window and then the program. Feb 3, 2021 · If you decide to harden the systems during installation, you need to activate the option “Security Policy” in the installation setup phase, then select the profile called “DISA STIG for Red Hat Enterprise Linux 7” and follow the on-screen instructions. The U. That’s why I’ve built a STIG web application in order to view and filter down into STIGs more readily. If you can get access to the Red Hat training material for rhcsa, it’s also a great way to get started. These threats mainly include cyberattacks, but they can also be problems caused by the use of misconfigured systems. Install STIG Viewer using Winget. Aug 27, 2024 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. So don't miss out and watch this video right now! See full list on mohammaddarab. . Dec 28, 2022 · 1. The purpose of STIG Viewer is to provide an intuitive graphical user interface that allows ease of access to the STIG content, along with additional search and sort functionality. So what I watched and did, is basically scan a file that’s has CAT 1, 2, & 3 vulnerabilities and imported it to the Stig Viewer & fixed the errors by using CMD in The DoD/DISA STIG Viewer tool provides the capability to view one or more XCCDF (Extensible Configuration Checklist Description Format) formatted STIGs in an easy-to navigate, human-readable format. When… Create a checklist from the drop down menu “Checklist” in your STIG Viewer using relevant STIG benchmarks Import XCCDF file and sort by Vulnerability IDs Compare the control ID’s on the report to the SSP and other documentation listed above to determine which control ID’s are ‘required’ and which are ‘tailored out’ The purpose of the STIG Viewer is to provide an intuitive graphical user interface that allows ease of access to the STIG content along with additional search and sort functionality unavailable with the current method of viewing the STIGs using a style sheet in a web browser. I'm doing an STIG matrix and I need to determine the verification method of specific CCI's. I have a couple of questions regarding Stig and Scap. In this video, we'll show you how to download the STIG Viewer 2. Feb 27, 2025 · RHEL 9 must check the GPG signature of locally installed software packages before installation. 1. STIG Viewer is a human-friendly tool to create and manage checklists, mitigate open vulnerabilities and track security reviews of your technology assets. Use the STIG Viewer to create a Checklist, then add comments to the STIG ID's and flag them as Open, N/A, or Not A Finding as you review them on your test host. STIGs are a fun way to learn Linux. Security Technical Implementation Guides viewerPlease Note - The content contained within this site is taken from the publicly available, UNCLASSIFIED DISA STIG 'zip' archive. Mil - Security Content Automation Protocol SCAP & Security Technical Implementation Guide - STIG Sep 6, 2024 · The DoD/DISA STIG Viewer tool provides the capability to view one or more XCCDF (Extensible Configuration Checklist Description Format) formatted STIGs in an easy-to navigate, human-readable format. DISA STIGs are lists of recommended security and privacy settings for operating systems and applications. Download the STIG Viewer 3. So what I watched and did, is basically scan a file that’s has CAT 1, 2, & 3 vulnerabilities and imported it to the Stig Viewer & fixed the errors by using CMD in In this lesson, you learned how to interpret the results provided in the STIG Viewer by identifying categories of vulnerabilities and comparing the results to the System Security Plan. Download and run “STIG Viewer X. mil. 5 Linux STIG'd using the openscap-scanner and scap-workbench. Read on and learn how to make the most of STIGs with STIG Viewer! Prerequisites This tutorial will be a hands-on demonstration. DISA is the Defense Information Systems Agency. Mount the disc or image to make the contents accessible inside the system. Download the STIG Viewer ( Download the GPOs Extra (Download the STIG Compilation if you want to STIG additional software) Download the Windows 10 SCAP Benchmark… Installing DISA SCAP Compliance Checker (SCC), STIG Viewer, and running a SCAP scan. conf file: gpgcheck=1 May 23, 2025 · Install the DoD Interoperability Root CA cross-certificates on unclassified systems. Look for and click the appropriate version of STIG Viewer to download for your computer, depending on your operating system. x86_64 Aug 7, 2023 · STIGQter provides a reimplementation of DISA's STIG Viewer. Department of Defense. A beautiful and modern stig viewerOpen Source • 100% Local • Cross-Platform Take the Sting Out of STIGs May 5, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. disa. The session starts with a step-by-step installation of the OpenSCAP scanner and an init Security Technical Implementation Guides (STIGs) "Due to the delay caused by the recent Federal government furlough, we are executing an out-of-cycle release update for this October quarterly release cycle for the stigs and automation content. Just keep hitting next until it is installed. Use at your own risk. Nov 19, 2023 · Installing STIG Viewer Navigate to STIG Viewer’s page. Double-clicking on the file does not work, and neither does launching it from the command li Once PowerStig is installed, you can view the list of STIGs that are currently available. STIG Knowledge: Familiarize yourself with DISA’s guidelines relevant to your systems. This video shows how to install Rocky 9. This will give you an idea of what you can target in your environment. It contains guidance on how to configure systems to defend against potential threats. Several operating system STIGs appear on the IASE web site today in the XCCDF format. It is a JAR file, and I have Java installed on my system. STIG ID: WN22-PK-000010 | SRG: SRG-OS-000066-GPOS-00034 | Severity: medium | CCI: CCI-000185,CCI-002470 | Vulnerability Id: V-254442 The STIG setting your looking for is under computer settings>windows settings>security settings>local policies>user rights assignment. The STIG for RHEL 8 was released in early 2021 and is currently available on the Cyber Exchange, while a DISA STIG for RHEL 7 is also available. Jul 3, 2025 · STIG Viewer is a free utility designed for Windows that allows users to easily access and navigate XCCDF formatted STIGs (Security Technical Implementation Guides). 💡 SCAP tool Stig Viewer DISA Stig Profiles Apr 8, 2024 · The STIG Viewer should become a part of your DoD project team’s secure desktop environment. Brief video on how to use the new STIG viewer 2. May 12, 2022 · I'm trying to run DISA's STIGViewer on my Mac. 🔔 Solve, Learn, and Excel in IT! Feb 25, 2025 · Fix Text (F-22561r555057_fix) Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Installer >> "Always install with elevated privileges" to "Disabled". 3. May 24, 2023 · First, visit DISA’s cyber exchange. Jun 4, 2025 · The SRG/STIG Library Compilation comprises all DOD Security Requirements Guides (SRGs) and DOD Security Technical Implementation Guides (STIGs) housed on Cyber Exchange. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command: $ sudo dnf update After creating a checklist in the STIG viewer to organize notes and reference the STIG, I proceeded to import the SCAP XCCDF file into the STIG viewer. Sep 7, 2024 · Mastering DoD STIGs: A Comprehensive Guide with Use Cases and Best Practices Cybersecurity has become a paramount concern for organizations across all sectors. All Downloads for SCAP and Stig Viewer can be found Below. 1, 1 May 14, 2025 · RHEL 9 must be configured to disable USB mass storage. x-Linux. May 23, 2025 · Windows Server 2019 must have a host-based intrusion detection or prevention system. x is a replacement for the previous DISA tools STIG Viewer 2. A STIG is a config guide that secures a product. 1https://iase. Over time, these things could change and you will want to keep an eye on it. As multi-part To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help. This video will show you how to download and use the STIG Viewer 2. STIG Viewer latest update: July 4, 2025 This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. To set up the lab Watch and follow along with Part 1https://youtu. Let's explore hardening a RHEL 9 system using OpenSCAP and DISA STIG. This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. These files contain the specific security guidelines and requirements you need to implement. If you are using Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux, you can install this tool and all necessary dependencies using the following command: # yum install scap-workbench Once you install and start SCAP Workbench, you will see a graphical tool providing a simple interface to a certified OpenSCAP scanner. The STIG Viewer can also be used in a manual fashion (e. How to Evaluate a DISA STIG The oscap tool can help you evaluate a Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA) on your local machine with the following command: $ oscap xccdf eval --profile selected_profile --results result_file --cpe cpe_dictionary disa_stig_content If you are looking for a detailed step by step instruction please refer to How to Evaluate a DISA STIG The oscap tool can help you evaluate a Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA) on your local machine with the following command: $ oscap xccdf eval --profile selected_profile --results result_file --cpe cpe_dictionary disa_stig_content If you are looking for a detailed step by step instruction please refer to This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. This allowed for a clearer visualization of vulnerabilities, color-coded according to severity (CAT I, II, III), enhancing the assessment process. X-Win64 msi” Installing SCAP Visit the SCAP Tools page. STIGs contain technical guidance on how to configure software and applications securely. I’m new to this still. be/hFEiuk91E54Complete Part 2 and 3 so your lab had internet accesshttps://youtu. Jul 21, 2022 · Install your selected viewer from step 1 and then open it up. Security Technical Implementation Guides (STIGs) that provides a methodology for standardized secure installation and maintenance of DOD IA and IA-enabled devices and systems. The purpose of the STIG Viewer is to provide an intuitive graphical user interface that allows ease of access to the STIG A STIG is a document published by the Department of Defense Cyber Exchange (DoD), which is sponsored by the Defense Information Systems Agency (DISA). Oct 30, 2019 · The GPOs provided contain most applicable GPO STIG settings contained in STIG files. Feb 10, 2023 · This is a quick step-by-step guide on how to scan your server, virtual machine, or workstation with the free OpenSCAP tool and DISA Benchmark for your operating system. It focuses more on technical aspects of the A&A process and guides students on assessing the system using the Security Content Automation Protocol (SCAP) Compliance Checker, Security Technical Implementation Guides (STIGs), and STIG Viewer. xml \ path-to-xccdf-document For more information about options that can be used with the oscap command, see the Oracle Linux 7: Security Guide and Oracle Linux 8: Using OpenSCAP for Security Compliance. Windows Server 2022 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store. OpenSCAP can generate results compatible with STIG Viewer even when evaluating SCAP content that uses different rule IDs than the official DISA STIG format, for example, content from the scap-security-guide package or third-party content. The intent of this User Guide is to assist in navigating version 3. All with one tool! May 15, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. Go to SRGs/STIGs >> SRG/STIG Viewing Tools. be/9mV3OwU Nov 27, 2023 · The Security Technical Implementation Guide/STIG Viewer Checklist files contain multiple STIG rules for compliance reporting as they apply to supported NetBackup Appliance software. DISA-STIG for Ubuntu Together with Canonical, DISA has developed STIGs for Ubuntu. Browse all Security Technical Implementation Guides Security Technical Implementation Guides (STIGs) that provides a methodology for standardized secure installation and maintenance of DOD IA and IA-enabled devices and systems. Check the path-to-report. Save the extra step of your DoD security teams putting in a service desk ticket to request the STIG Viewer installation. Dec 28, 2022 · Worry not, though. May 14, 2025 · Install the USBGuard package with the following command: $ sudo yum install usbguard. What is the STIGUI? STIGUI is a completely static and lightweight web application available at stigui. As there are 291 rules, implementation can be somewhat time-consuming. Currently the way I'm doing it is run the scap and once I import back into SV I check findings details to see if scap was able to check that STIG automatically or if it is a manual check. This is easy for Windows users. May 16, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. Mar 4, 2020 · Fix Install Red Hat package-signing keys on the system and verify their fingerprints match vendor values. Add or update the following line in the [main] section of the /etc/dnf/dnf. These reports can then be used to determine compliance in eMASS. You can choose to import either a single STIG zip file (from step 2) or the compiled database which has all of them. Insert RHEL 8 installation disc or attach RHEL 8 installation image to the system. jar This could be different based on how you extracted the STIGViewer. May 14, 2025 · Configure dnf to always check the GPG signature of software packages originating from external software repositories before installation. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa. 5. Aug 2, 2024 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. Feb 1, 2022 · This tutorial will show you how you can get started learning the technical side of Cyber Security for Windows environments. Within the ZIP file for each Operating System version of the SCAP Compliance Checker is an included PDF, instructing the user on the appropriate way to install and configure the software executable on the host system. May 15, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. ) For more information on DISA STIG Viewer see the SRG / STIG Tools website. What… This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. You can find the STIG files (used with STIG viewer) and Benchmark files (used with SCAP tool) here: (You must have a DoD CAC to access, I will not provide you with the tools. Title. x standalone ZIP file from the Cyber Exchange website. 17-Win64, as 2. For many deployments, our official To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help. For Linux it’s going to take a little research. The versions of Ubuntu that have STIGs available by DISA are marked on the table below. This video walks through the use of the DISA STIG viewer. 2. - Cyber. For reasons I don’t understand you have to install a special viewing app to read them. DoD provides the STIG checklist, which can be viewed using STIG viewer, and SCAP content for auditing. Step-by-Step Guide Step 1: Access Intune Acquire DISA STIG Files: The first step in this process is to acquire the DISA STIG files from their official website (Group Policy Objects – DoD Cyber Exchange). STIG checklists are, in essence, XML files that use a variety of file formats, depending on the use case. The SRG/STIG Library Compilation is updated quarterly to capture all newly updated or released Oct 10, 2020 · Applying DISA STIGs Reviewing DISA SCC Scan Results Using the DISA STIG Viewer References Notes Security controls are applied to DoD Information Systems based on their MAC (Mission Assurance Category) You can apply DISA STIGs manually to achieve a trusted baseline Alternatively, you can use the SHB is used to automatically apply some DISA STIGs STIG Manager is an API and Web client for managing the assessment of Information Systems for compliance with security checklists published by the United States (U. S. 17 and STIGS to make your work safer and easier. In this video, I demonstrate how to run SCAP scans using the SCC tool and how to create Windows 10 STIG checklists. DISA released ansible playbooks to automate the STIG’ing process, and ansible is a great tool to learn, you could even use it for a Windows environment. This project is not associated with DISA. 💡 This is my first time stigging linux based machines using SCAP and Stigviewer. Newly Released STIGs:Sort By: Feb 11, 2025 · This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The installation varies based on your OS. Open the downloaded folder and launch “Windows_Setup”. STIG Viewer 3 integrates the capabilities of two previous DISA tools: STIG Viewer 2 and the STIG-SRG Applicability Guide. My goal for this practice is to have 100% Compliance on CAT I vulnerabilities. This article covers some selected FAQ If you built a STIG’d system in part 1, you’ve already seen this in action. X Windows”. mil/stigs/Pages/stig-viewing-guidance. May 5, 2025 · Familiarity with DISA STIGs and their requirements.