Jul 07

Continuous Monitoring Meets DISA STIG Compliance

From: SIGNAL Online/AFCEA

By Chris LaPoint/Guest Blog

Thousands of military information technology security personnel probably sat down at their computers this morning and opened a spreadsheet listing hundreds of rules for Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliance. They then might have spent hours logging onto information technology devices, looking at configurations and laboriously going through them line by line to ensure each setting matched the rules in that spreadsheet.

In six months, they’ll do it all over again.

The DISA STIGs are not new—in fact they predate the Federal Information Security Management Act—and noncompliance can have drastic consequences. If you are severely out of compliance and are not acting to fix it, the designated approving authorities (DAAs) can simply remove your application or system from the network. And today, you cannot expect to fly under the radar, since newer technology makes it easy for auditors to see whether you have applied the STIGs appropriately to your systems.
