1. What are STIGs?
   - All of these define STIGs
   - Contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to attack
   - Minimally acceptable configuration standards for systems that store, process or transmit DoD information
   - Configuration standards for DoD IA and IA-enabled devices.

2. Who develops STIGs?
   - DISA
   - Vendors
   - DoD CIO
   - NIST

3. Roughly how often are STIGs updated?
   - Weekly
   - Annually
   - Monthly
   - Quarterly

4. Where are STIGs published to/downloaded from?
   - nist.gov/stigs
   - checklists.mil
   - iase.disa.mil
   - nvd.gov

5. Which STIGs require a CAC to download?
   - Backbone Transport, General Purpose Operating System, Apache
   - Enclave & DMZ, General Purpose Operating System, Wireless
   - JIE Network, Apache, Wireless
   - Backbone Transport, Enclave & DMZs, JIE Network

6. What are sunset products?
   - STIGs that are unavailable for older products
   - STIGs for older products that are no longer supported by DISA
   - None of the above
   - STIGs that are currently supported by DISA

7. What authoritative documents dictate that DoD organizations use security technical implementation guidance?
   - NIST SP 800-53 and NIST SP 800-37
   - DoDI 8500.01 and DoDI 8510.01
   - DoDI 8500.01 and NIST SP 800-53
   - DoDI 8510.01 and NIST SP 800-53

8. What is XCCDF?
   - Extensible Checklist Configuration Description Format
   - Extensible Configuration Checklist Description Format
   - Extendable Configuration Checklist Description Format

9. What is a CAT 1 finding?
   - Recommendations that will improve IA posture but are not required for an authorization to operate
   - Findings that have the potential to lead to unauthorized system access or activity
   - Allows primary security protections to be bypassed, allowing immediate access by unauthorized personnel or unauthorized assumption of super-user privileges

10. Which software tool generates a manual review checklist?
    - SCAP Compliance Checker
    - STIG Viewer
    - eMASS
    - ACAS

11. What is the definition of 'Not Applicable'?
    - The feature does not exist in the product and therefore cannot be exploited
    - Does not meet, not configurable and does not meet the requirement
    - Configurable, may or may not meet requirements based on settings
    - Inherently meets, not configurable, but meets the requirement by default

12. Other than STIG Viewer, how can you view the STIG file?
    - Open the .doc file in Word
    - Open the .pdf file in Adobe Reader
    - You can't. It can only be viewed in STIG Viewer.
    - Open the .xml file in a browser

13. What is SCAP in terms of SCC?
    - Security Content Automation Protocol
    - Specialty Coffee Association of Panama
    - Security Certification and Authorization Package
    - Security Certification and Authorization Process

14. Does SCC scan for all configuration settings?
    - Depends on the benchmark used
    - No
    - Yes

15. Which requires a CAC to download?
    - SCC benchmark content
    - SCC install files
    - STIG Viewer
    - Operating System STIG content