1. What are STIGs?
   - Contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to attack
   - Configuration standards for DoD IA and IA-enabled devices.
   - All of these define STIGs
   - Minimally acceptable configuration standards for systems that store, process or transmit DoD information

2. Who develops STIGs?
   - Vendors
   - DISA
   - DoD CIO
   - NIST

3. Roughly how often are STIGs updated?
   - Monthly
   - Quarterly
   - Weekly
   - Annually

4. Where are STIGs published to/downloaded from?
   - checklists.mil
   - iase.disa.mil
   - nvd.gov
   - nist.gov/stigs

5. Which STIGs require a CAC to download?
   - JIE Network, Apache, Wireless
   - Backbone Transport, General Purpose Operating System, Apache
   - Enclave & DMZ, General Purpose Operating System, Wireless
   - Backbone Transport, Enclave & DMZs, JIE Network

6. What are sunset products?
   - STIGs that are unavailable for older products
   - STIGs for older products that are no longer supported by DISA
   - None of the above
   - STIGs that are currently supported by DISA

7. What authoritative documents dictate that DoD organizations use security technical implementation guidance?
   - DoDI 8500.01 and NIST SP 800-53
   - DoDI 8510.01 and NIST SP 800-53
   - DoDI 8500.01 and DoDI 8510.01
   - NIST SP 800-53 and NIST SP 800-37

8. What is XCCDF?
   - Extensible Configuration Checklist Description Format
   - Extendable Configuration Checklist Description Format
   - Extensible Checklist Configuration Description Format

9. What is a CAT 1 finding?
   - Recommendations that will improve IA posture but are not required for an authorization to operate
   - Findings that have the potential to lead to unauthorized system access or activity
   - Allows primary security protections to be bypassed, allowing immediate access by unauthorized personnel or unauthorized assumption of super-user privileges

10. Which software tool generates a manual review checklist?
   - ACAS
   - STIG Viewer
   - SCAP Compliance Checker
   - eMASS

11. What is the definition of 'Not Applicable'?
   - Configurable, may or may not meet requirements based on settings
   - The feature does not exist in the product and therefore cannot be exploited
   - Inherently meets, not configurable, but meets the requirement by default
   - Does not meet, not configurable and does not meet the requirement

12. Other than STIG Viewer, how can you view the STIG file?
   - Open the .doc file in Word
   - Open the .pdf file in Adobe Reader
   - You can't. It can only be viewed in STIG Viewer.
   - Open the .xml file in a browser

13. What is SCAP in terms of SCC?
   - Security Content Automation Protocol
   - Security Certification and Authorization Process
   - Security Certification and Authorization Package
   - Specialty Coffee Association of Panama

14. Does SCC scan for all configuration settings?
   - No
   - Yes
   - Depends on the benchmark used

15. Which requires a CAC to download?
   - Operating System STIG content
   - STIG Viewer
   - SCC install files
   - SCC benchmark content