DISA Security Technical Implementation Guides (STIGs)
Security Technical Implementation Guides (STIGs) define a standardized set of security configurations and controls specifically designed for the DoD’s IT infrastructure.
- provided by the Defense Information Systems Agency (DISA)
  - part of the Department of Defense (DoD)
  - a combat support organization that provides information technology and communication services to all parts of the DoD
  - oversees the technical side of delivering, organizing, and managing defense-related information
Categories
- STIG findings fall into three categories that reflect the severity of the risk of failing to address a vulnerability:
Category I
- Any vulnerability that will immediately cause a breach of confidentiality, availability, or integrity
- These are the most dangerous and may result in death, damage to facilities, or failure of a mission

Category II
- Any vulnerability that results in loss of confidentiality, availability, or integrity and can lead to a Category I vulnerability, injury, damage to equipment, or degradation of a mission

Category III
- Any vulnerability that degrades controls implemented to protect against the loss of confidentiality, availability, or integrity and can lead to a Category II vulnerability, delay recovery from an outage, or negatively affect the accuracy of data