CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Automated STIG “Hardening” Finally Comes to<br />
Government IT<br />
For the thousands of hard-working men and women responsible for securing government IT<br />
networks to the Defense Information Systems Agency’s mandatory “STIG” standards, the task<br />
can be daunting and even somewhat thankless.<br />
That is because the STIGs (Security Technical Implementation Guides) outline hundreds of pages<br />
of detailed rules that must be followed to properly secure or “harden” the government computer<br />
infrastructure.<br />
Given that this work is typically a manual process, it can be extremely tedious and time consuming<br />
for IT personnel. In fact, it is estimated that the government spends hundreds of millions annually<br />
to remain in compliance with the STIG standards.<br />
So, as new software tools enter the market that automate the process to near push-button<br />
simplicity, the first reaction after “sounds too good to be true,” is considerable relief.<br />
By automating the process, a task that once took weeks – or even months – can be completed in<br />
a few hours across all endpoints. Ongoing security updates are also automatic and can be<br />
completed in minutes.<br />
Explaining the STIGs<br />
To be fair, there can be a considerable “fog” surrounding the STIGs.<br />
The STIGs essentially exist because government networks are largely built using commercial<br />
operating systems (Windows/Linux), database management systems, web servers and other<br />
network devices. The STIGs, therefore, define alterations in operating environment settings so<br />
these environments can be configured in the most secure manner possible.