www.solarwinds.com
2a02:26f0:3500:18::1724:a28a  Public Scan

URL: https://www.solarwinds.com/public-sector/disa-stig-compliance
Submission: On August 05 via api from GB — Scanned from GB

Form analysis 0 forms found in the DOM

Text Content



UNDERSTANDING DISA STIG COMPLIANCE REQUIREMENTS




INFORMATION SECURITY IS ONE OF THE MOST IMPORTANT TASKS A FEDERAL IT PRO
UNDERTAKES.

It’s also one of the most complex—particularly as it relates to compliance
requirements.

While the National Institute for Standards and Technology (NIST) provides
reference guidance across the federal government, and the Federal Information
Security Management Act (FISMA) provides guidance for civilian agencies,
Department of Defense (DoD) systems have yet another layer of requirements
promulgated by the Defense Information Systems Agency (DISA).

Federal IT security pros within the DoD must comply with the technical testing
and hardening frameworks known by the acronym STIG, or Security Technical
Implementation Guide. According to DISA, STIGs “are the configuration standards
for DOD [information assurance, or IA] and IA-enabled devices/systems…The STIGs
contain technical guidance to ‘lock down’ information systems/software that
might otherwise be vulnerable to a malicious computer attack.”

To date, DoD has released 461 STIGs, and continues to release more on a
semi-regular basis.

While meeting so many requirements may seem daunting, DISA provides both
requirements and tools for validating and implementing the security
requirements. There are several common testing tools that implement STIGs. Some,
like Assured Compliance Assessment Solution (ACAS), were developed by industry
specifically for DISA. Others, like the Security Content Automation Protocol
(SCAP) Compliance Checker (SCC), were developed by the U.S. Navy for use by
Defense agencies. Some tools have even been developed to encompass a particular
category of system components, such as network components, or a particular
functional process, such as log aggregation and analysis.

TESTING TOOLS

While the DoD has made managing risk easier by providing hardened baselines for
operating systems, system components, and network devices through STIGs,
additional compliance requirements will require further effort.

That said, the additional effort is highly manageable, especially with
automation.

SolarWinds® Network Configuration Manager (NCM) is designed specifically to
automate the task of managing network configuration and compliance. NCM can help
federal IT pros deploy standardized configurations, detect out-of-process
changes, audit configurations, and correct compliance violations. NCM can
integrate with the National Vulnerability Database to help more easily identify
and eliminate known vulnerabilities.

NCM is also built to:

 * Inventory network device configurations, assess configurations for
   compliance, and automate change and configuration management
 * Implement configuration of security controls and help assure effectiveness
 * Produce FISMA and DISA STIGs reports from configuration templates
 * Produce audit documentation and reports

Federal IT pros can get more information on NCM here.

SolarWinds Server Configuration Monitor (SCM)

In modern IT environments, making configuration changes is easy, but tracking
them and their impact is hard. Even with the best change control processes, it’s
often impossible to control all the configuration changes happening to your
infrastructure. And when configurations start to drift, the problems
start: outages, slowdowns, security breaches, and compliance violations.

SolarWinds Server Configuration Monitor is designed to quickly reveal when
server, application, or database configurations change, who’s changing them,
and what changed, and to show the performance impact, giving you the visibility
needed to troubleshoot faster, improve security, and demonstrate compliance.

Monitoring your server configurations against compliance policies can be
cumbersome. By adding a policy engine, out-of-the-box policies for DISA STIG,
new alerts, and reports for compliance policies, SCM helps operationalize
compliance monitoring. SCM is also built to:

 * Detect, alert, and report on changes with hardware inventory, registry
   entries, binary and text files, software inventory, IIS configuration files,
   and script outputs
 * Capture and track who made configuration changes
 * Compare current configurations against a baseline or between any two points
   in time
 * Correlate configuration changes with network and application performance
 * Automatically detect infrastructure eligible for monitoring
 * View and report on hardware and software inventories

Federal IT pros can get more information on SCM here.

Most system components covered by a STIG can generate logs. System logs, event
logs, error logs, messages, and the like can quickly grow to tremendous size,
and reviewing them all for anomalous behavior that may indicate compromise of
the system’s confidentiality, integrity, and availability takes an equally
tremendous effort. Many federal IT teams address this challenge by implementing
a Security Information and Event Management (SIEM) solution.

An SIEM tool may be configured to consume logs across the environment, analyze
the logs, and identify potential vulnerabilities or anomalous behavior. An SIEM
tool can triage these findings in a prioritized manner for action by the federal
IT security team. A properly configured and tuned SIEM tool can automate the
entire process, helping ease the load of an already heavily tasked federal
security team.

The SolarWinds SIEM tool, Security Event Manager (SEM), can simplify STIG
requirements by automating compliance and, just as important, reporting on that
compliance.

Federal IT pros can get more information on SEM here.

CONCLUSION

For DoD federal IT pros, STIG compliance is a requirement. There are hundreds of
possible STIGs, each of which can contain dozens to hundreds of technical
controls that must be tested for compliance. Most federal IT teams already have
a full plate. This is where tools like NCM and SEM shine, helping the entire
federal IT team achieve compliance and compliance reporting with the support of
automated tools that can lighten the whole team’s load.

STIGs apply to DoD agencies. However, FISMA compliance and the NIST Risk
Management Framework (RMF) guide all agencies.

For more information on the NIST Risk Management Framework, a range of
additional federal security compliance information, and leveraging configuration
management, download the Daily Federal Compliance and Continuous Cybersecurity
Monitoring whitepaper.


©2023 SolarWinds Worldwide, LLC. All rights reserved.
