HOME

TheInfoList



Click Here for Items Related To - Security Technical Implementation Guide
OR:
Security Technical Implementation Guide on:   [Wikipedia]   [Google]   [Amazon]

A Security Technical Implementation Guide or STIG is a configuration standard consisting of cybersecurity requirements for a specific product. The use of STIGs enables a methodology for securing protocols within networks, servers, computers, and logical designs to enhance overall security. These guides, when implemented, enhance security for software, hardware, physical and logical architectures to further reduce vulnerabilities. Examples where STIGs would be of benefit is in the configuration of a
desktop computer A desktop computer (often abbreviated desktop) is a personal computer designed for regular use at a single location on or near a desk due to its size and power requirements. The most common configuration has a case that houses the power supply ...
or an enterprise server. Most operating systems are not inherently secure, which leaves them open to criminals such as identity thieves and computer hackers. A STIG describes how to minimize network-based attacks and prevent system access when the attacker is interfacing with the system, either physically at the machine or over a network. STIGs also describe maintenance processes such as software updates and
vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
patching Patching is a small village and civil parish that lies amid the fields and woods of the southern slopes of the South Downs in the National Park in the Arun District of West Sussex, England. It has a visible hill-workings history going back t ...
. Advanced STIGs might cover the design of a corporate network, covering configurations of routers, databases, firewalls, domain name servers and switches. __NOTOC__


See also

*
CIA triad Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
*
Information Assurance Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, n ...
*
Security Content Automation Protocol The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA (Fed ...


References

{{Reflist


External links


NIST Security Configuration Checklists RepositorySecurity Technical Implementation Guides and Supporting Documents in the Public AreaOnline STIG search
Configuration management Security compliance