1. What are STIGs?
   - All of these define STIGs
   - Minimally acceptable configuration standards for systems that store, process or transmit DoD information
   - Configuration standards for DoD IA and IA-enabled devices. Contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to attack

2. Who develops STIGs?
   - DoD CIO
   - Vendors
   - NIST
   - DISA

3. Roughly how often are STIGs updated?
   - Annually
   - Quarterly
   - Monthly
   - Weekly

4. Where are STIGs published to/downloaded from?
   - checklists.mil
   - nvd.gov
   - iase.disa.mil
   - nist.gov/stigs

5. Which STIGs require a CAC to download?
   - Backbone Transport, Enclave & DMZs, JIE Network
   - Backbone Transport, General Purpose Operating System, Apache
   - JIE Network, Apache, Wireless
   - Enclave & DMZ, General Purpose Operating System, Wireless

6. What are sunset products?
   - STIGs for older products that are no longer supported by DISA
   - STIGs that are currently supported by DISA
   - None of the above
   - STIGs that are unavailable for older products

7. What authoritative documents dictate that DoD organizations use security technical implementation guidance?
   - DoDI 8510.01 and NIST SP 800-53
   - DoDI 8500.01 and NIST SP 800-53
   - DoDI 8500.01 and DoDI 8510.01
   - NIST SP 800-53 and NIST SP 800-37

8. What is XCCDF?
   - Extensible Checklist Configuration Description Format
   - Extensible Configuration Checklist Description Format
   - Extendable Configuration Checklist Description Format

9. What is a CAT 1 finding?
   - Allows primary security protections to be bypassed, allowing immediate access by unauthorized personnel or unauthorized assumption of super-user privileges
   - Findings that have the potential to lead to unauthorized system access or activity
   - Recommendations that will improve IA posture but are not required for an authorization to operate

10. Which software tool generates a manual review checklist?
   - eMASS
   - SCAP Compliance Checker
   - STIG Viewer
   - ACAS

11. What is the definition of 'Not Applicable'?
   - The feature does not exist in the product and therefore cannot be exploited
   - Does not meet, not configurable and does not meet the requirement
   - Configurable, may or may not meet requirements based on settings
   - Inherently meets, not configurable, but meets the requirement by default

12. Other than STIG Viewer, how can you view the STIG file?
   - Open the .xml file in a browser
   - Open the .pdf file in Adobe Reader
   - Open the .doc file in Word
   - You can't. It can only be viewed in STIG Viewer.

13. What is SCAP in terms of SCC?
   - Specialty Coffee Association of Panama
   - Security Certification and Authorization Package
   - Security Content Automation Protocol
   - Security Certification and Authorization Process

14. Does SCC scan for all configuration settings?
   - Yes
   - No
   - Depends on the benchmark used

15. Which requires a CAC to download?
   - SCC benchmark content
   - SCC install files
   - STIG Viewer
   - Operating System STIG content