Forward any questions, comments, or change requests to Donald Reed (donald-reed@us.army.mil).
This spreadsheet has been developed by USAISEC-IASED to aid in the review and determination of which DISA Security
Technical Implementation Guides (STIGs) are applicable to a system. The 'STIG Summary' worksheet provides a list of
current STIGs along with a short summary and list of key topics for each STIG. To aid in the effective application of the STIGs,
Security Checklists and Security Readiness Review Scripts are available and should be utilized as an aid for implementation
and verification. STIGs and the related Checklists and SRR Scripts are now located in the DoD IA Portal, which is co-located
with AKO. STIG documents, including the STIGs, Checklists and SRR scripts, are now grouped together by topic
within the STIG Knowledge area (https://www.us.army.mil/suite/kc/7247620).

Security Technical Implementation Guides (STIGs) are IA guidance developed by DISA and/or NSA for all DoD information
systems. The STIGs cover three basic areas: Operating Systems, Communications & Networks, and Applications. Generally,
systems will require the utilization of multiple STIGs to properly address and secure all of the system. The utilization and
application of the STIGs are required by both DoD and Army regulation. The STIGs can be found at the DoD IA Portal, STIG
Knowledge Area (https://www.us.army.mil/suite/kc/7247620).

A Security Checklist (sometimes referred to as a lockdown guide, hardening guide, or benchmark configuration) is essentially a
document that contains instructions or procedures to verify compliance with a baseline level of security. Security Checklists can
be found at the DoD IA Portal, STIG Knowledge area (https://www.us.army.mil/suite/kc/7247620).

Security Readiness Review Scripts (SRRs) test products for STIG compliance. SRR Scripts are available for all operating
systems and databases that have STIGs, and web servers using IIS. The SRR scripts are unlicensed tools developed by the
Field Security Office (FSO) and the use of these tools on products is completely at the user's own risk. SRR scripts can be
found at the DoD IA Portal, STIG Knowledge area (https://www.us.army.mil/suite/kc/7247620).


DISA FSO has created a DoD General Purpose STIG, Checklist, and Tool Compilation CD (aka SRR Lite CD). This CD is a
compilation of all or most of the general purpose and/or publicly releasable DoD Security Technical Implementation Guides
(STIGs), as well as associated checklists and tools (scripts). This CD is a subset of the SRR CD used by FSO Review teams
and other DoD entities. This CD does not contain documents that are marked FOUO or guidance for technologies that are not
likely to be applicable to a vendor’s product in the DSN APL process. A zipped ISO image of the CD can be downloaded at
http://iase.disa.mil/stigs/compilation/srr-lite-sep07.iso.zip.
DISA Security Technical Implementation Guides (STIG) List and Summary                                                                                                          Updated: 7 October 2008

STIG Name                              Version     Date      Pages   Checklist Applicable ?   Summary                                                                          Key Topics
Access Control In Support of            V2R1     17-Oct-07    96      Yes - 1     Yes         This STIG presents a practical methodology for selecting and integrating         PKI, CAC, Port Authentication,
Information Systems                                                                           logical and physical authentication techniques while tying the solution to the   802.1X, Passwords, Physical
                                                                                   No         asset’s value, environment, threat conditions and operational constraints.       Access Controls, Facility
                                                                                              Access control has several critical components; identity proofing, credential    Perimeters, Protective Barriers,
                                                                                              production, personalization, issuance, authentication of identity, permissions   Badges, Automated Entry
                                                                                              authorization, hardware and software switch control, transaction logging,        Control Systems, SCIFs,
                                                                                              and nonrepudiation. This STIG is focused on technologies and techniques          Biometrics, Physical Tokens,
                                                                                              employed to support authentication of identity.                                  DoD 5200.1-R

Application Security and Development    V2R1     24-Jul-08    105     Yes - 1      Yes        This STIG provides the guidance needed to promote the development,               software development, COTS,
                                                                                              integration, and updating of secure applications. Subjects covered in this       GOTS, DoDD 8320.2, DODD
                                                                                   No         document are: development, design, testing, conversions and upgrades for         5000.1, System Security Plan
                                                                                              existing applications, maintenance, software configuration management,           (SSP), Application Configuration
                                                                                              education, and training. This guide may be used for both in-house                Guide, Security Classification
                                                                                              application development and to assist in the evaluation of the security of       Guide, robustness, Protection
                                                                                              third-party applications. The requirements listed can be used to evaluate        Profiles, open source, public
                                                                                              custom developed applications and Commercial off the Shelf (COTS)                domain, freeware, shareware,
                                                                                              software packages as well. Some requirements are not applicable to COTS          threat model, objects,
                                                                                              software packages.                                                               dependencies, coding standards,
                                                                                                                                                                               static analysis tools, error
                                                                                                                                                                               handling, authentication, SQL
                                                                                                                                                                               injection, cross site scripting,
                                                                                                                                                                               buffer overflow, race conditions,
                                                                                                                                                                               auditing, fuzz testing, code
                                                                                                                                                                               reviews


Application Services                    V1R1     17-Jan-06    50      Yes - 1      Yes        This Application Services Security Technical Implementation Guide (STIG)         J2EE, Sun Microsystems JVM,
                                                                                              provides security configuration and implementation guidance for application      Apache Jakarta Tomcat, BEA
                                                                                   No         server products designed to the Java™ 2 Platform, Enterprise Edition             WebLogic, Microsoft .NET
                                                                                              (J2EE™). J2EE defines a standard security framework of configuration and         Framework, LDAP, Application
                                                                                              implementation for the protection of application servers. The J2EE platform      Partitioning, PPS
                                                                                              is a superset of the Java 2 platform. It is a specification that provides
                                                                                              enhanced security mechanisms for authentication, authorization, and
                                                                                              auditing.
Backbone Transport Services             V2R1      9-Jul-07    132     Yes - 3      Yes        The intent of this STIG is to provide Information Assurance (IA) guidance        GIG-BE, Optical Transport,
                                                                                              and to address security issues and robustness as it relates to the GIG           SONET, Provisioning, BGP,
                                                                                   No         backbone network. Guidance in this STIG is provided for all transport            eBGP, RSVP, Cisco Discovery
                                                                                              components, their relationships, interoperability, and the principles used for   Protocol, MPLS, VPN, QoS,
                                                                                              governing their configuration, implementation, management, and operation.        Multicast, OAM&P, MSPP,
                                                                                              This STIG will focus only on the DISN backbone transport segment now             DWDM, NTP, SNTP, ASBR,
                                                                                              referred to as the New DISN Core; to include the optical transport facility,     GTSM, source routing, ICMP,
                                                                                              the IP backbone network, IP WAN services, the interoperability of its            AAA, convergence, VRF,
                                                                                              network components, and the guidelines that must be followed to protect the      multicast, VPDN, IPv6, SNMP
                                                                                              network infrastructure. This document does not apply to enclaves or local
                                                                                              area networks or any customer networks subscribing to DISN Core transport
                                                                                              and IP WAN services.

Database                                V8R1     19-Sep-07    54      Yes - 2      Yes        This document provides general guidance to apply to any DBMS. Security           DBMS, SQL, DBA, Schema,
                                                                                              configuration for specific vendor products is provided in the related            RBAC, Object Privileges,
                                                                                   No         Database Checklist. This document is not intended to be used to configure        Database Replication,
                                                                                              database applications such as Microsoft Access that are designed to be           Transaction Rollback,
                                                                                              used by a single user or a small number of users. This STIG presents the         Transaction Journaling,
                                                                                              known security configuration items, vulnerabilities, and issues required to be   Separation of Duties, DDL
                                                                                              addressed in accordance with DoD policy. The most effective way to               Statements, Database
                                                                                              improve security in DoD database systems is to include security in the initial   Manipulation Language (DML),
                                                                                              design and development of the application accessing the database. To that        Application Partitioning, PPSM
                                                                                              end, this document is also intended to be useful to application program
                                                                                              managers/developers in the design phase of DoD applications. As such, it
                                                                                              provides the technical security policies, requirements, and implementation
                                                                                              details for applying security concepts to the use of database systems by an
                                                                                              application.




Directory Services                      V1R1   24-Aug-07    158     Yes - 1     Yes         This Directory Services Security Technical Implementation Guide (STIG)          Directory Services, Active
                                                                                            provides security configuration guidance for the implementation of directory    Directory, RedHat Directory
                                                                                 No         services deployed within the Department of Defense (DoD). The document          Server, LDAP, Directory
                                                                                            specifies general requirements applicable to directory service software and     Services Markup Language, CRL,
                                                                                            specific requirements for Microsoft Active Directory (AD), Microsoft Active     OCSP, DSA Specific Entry
                                                                                            Directory Application Mode (ADAM) (to a very limited extent), and Red Hat       (DSE), Directory Schema,
                                                                                            Directory Server (RHDS). This STIG also provides general guidance for           Replication, Directory
                                                                                            synchronization products that might be used in conjunction with directory       Synchronization, PPS CAL,
                                                                                            servers. This document provides general security guidance for directory         Object Attributes, Mutual
                                                                                            server products and for vendor or locally developed solutions that perform      Authentication, Time and
                                                                                            directory synchronization functions. This document replaces the Active          Synchronization, Trust
                                                                                            Directory STIG, version 1 release 1, dated 10 March 2006.                       Relationships, GPO, FSMO




DISN Asynchronous Transport Mode        V1R1   31-Mar-04    114     Yes - 1      Yes        The DATMS STIG presents a high-level description of the security                ATM, OOB Management,
Services (DATMS)                                                                            requirements and procedures for the DATMS. The DATMS STIG focuses on            Marconi ASX and TNX switches,
                                                                                 No         the mitigation of the technical threats to the DATMS-U/C and the technical      Marconi Powerhub, Cajun 333
                                                                                            security requirements as outlined in the DATMS-U System Security                T/R, Access Point 1000,
                                                                                            Authorization Agreement (SSAA) (DRAFT) dated 30 March 2002 and other            Riverstone 3000/8000, Timeplex
                                                                                            DOD regulations. The equipment addressed includes ATM switches, edge            CX-1500/CX-1540, Service
                                                                                            devices, and management systems. The DATMS STIG is not intended to              Delivery Node (SDN)
                                                                                            provide standard baseline configurations for each device, but to address the
                                                                                            minimum-security requirements associated with different components within
                                                                                            the DATMS infrastructure.

DoD Information Assurance Enterprise    V1R2   22-Apr-08    83      Yes - 1      Yes        A set of DoD Information Assurance (IA) Enterprise Solutions have been          HBSS, ePO Server, ePO Agent,
Solutions                                                                                   procured for use throughout the Department of Defense (DoD). This Security      HIPS, PPS CAL, ePO
                                                                                 No         Technical Implementation Guide (STIG) was developed to secure these             Repository, Replication, ePO
                                                                                            solutions. The first tool chosen as part of this STIG is the Host-Based         SQL database, INFOCON, Asset
                                                                                            Security System (HBSS). The selected tool for HBSS is ePolicy                   tracking
                                                                                            Orchestrator. This document contains procedures that enable qualified
                                                                                            personnel to install/deploy the HBSS in a secure manner.
DoD Secure Telecommunications and       V1R2   8-Nov-06     130     Yes - 1      Yes        The Defense Red Switch Network (DRSN) Security Technical                        DRSN, Promina, multiplexer,
Defense Red Switch Network (DRSN)                                                           Implementation Guide (STIG) provides the technical security policies,           COMSEC, RED switch, BLACK
                                                                                 No         requirements, and implementation details for applying security concepts to      switch, DSN, PSTN,
                                                                                            the DRSN. The DRSN is one of the sub-systems within the Defense                 cryptographic devices, Security
                                                                                            Information Systems Network (DISN). The DRSN is a global network that           Access Level (SAL) classmarks,
                                                                                            provides secure telecommunications services to the entire DoD community         FSAL, VSAL, subscriber
                                                                                            including the warfighter, DoD contractors, and other government agencies.       terminals, STE, STU-III,
                                                                                            The DRSN STIG provides for the protection of the hardware, software,            Enhanced Switch Reporting
                                                                                            databases, and operating systems that control the functioning of the DRSN       System (ESRS), ARDMISS,
                                                                                            switches and associated peripheral devices. Specifically, this guidance         PanaVue, VoSIP, SVoIP,
                                                                                            addresses DRSN security policy, security architecture, and procedures. The      SVoSIP, DoD 5200.2-R,
                                                                                            use of the principles and guidelines in this STIG will provide an environment   Speakers, Speakerphones
                                                                                            that meets or exceeds the security requirements of DoD systems operating
                                                                                            at the Mission Assurance Category (MAC) I, with a Confidentiality level of
DoD Telecommunications and Defense      V2R3   30-Apr-06    90      Yes - 1      Yes        This Security Technical Implementation Guide (STIG) provides the technical      DSN, Backbone, Common
Switched Network (DSN)                                                                      security policies, implementation details, and requirements for applying        Channel Signaling (CCS),
                                                                                 No         security concepts to the Department of Defense (DoD) telecommunications         Signaling System 7 (SS7),
                                                                                            systems. The DSN encompasses inter-base and intra-base non-secure               Multifunction Switches, Tandem
                                                                                            and/or secure C2 telecommunications systems that provide end-to-end             Switches, PBXs, End Offices
                                                                                            common use and dedicated telephone service, voice-band data, and dial-up        (EO), Advanced DSN Integrated
                                                                                            video teleconferencing (VTC) for authorized DoD C2 and non-C2 users in          Management Support System
                                                                                            accordance with national security directives. Non-secure dial-up voice          (ADMISS), PSTN, CPE, Inter-
                                                                                            (telephone) service is the system's principal requirement. The purpose of       Switched Trunk, Timing and
                                                                                            the STIG is to make recommendations and assist DSN operations and               Synchronization, Remote
                                                                                            switching sites with meeting the minimum requirements, standards, controls,     Switching Units, Switching
                                                                                            and options for protecting telephone system operations.                         Transfer Point




Domain Name System (DNS)              V4R1     17-Oct-07    114     Yes - 1     Yes         This DNS Security Technical Implementation Guide (STIG) is designed to         DNS, Domains, Zones, Zone
                                                                                            assist administrators with the configuration of DNS server software and        Transfers, BIND, Cisco CSS
                                                                                 No         related portions of the underlying operating system. This STIG also provides   DNS, Top Level Domain,
                                                                                            guidance for standard operating procedures related to configuration            Caching Name Servers,
                                                                                            management, business continuity, and other topics. This document details       Resolvers, Query, Recursion,
                                                                                            DoD DNS security practices and procedures applicable to all DoD name           Stub Zones, Service Records
                                                                                            servers including authoritative and recursive servers. This document           (SRV), Split DNS, DNSSEC,
                                                                                            specifically addresses issues and configuration choices for the following      CNAME, A Record, Blackhole,
                                                                                            implementations of DNS: BIND 9.3.1 and above; BIND 9.3.2 for Microsoft         TSIG, DHCP, LDAG, Kerberos
                                                                                            Windows 2000, Windows XP, and Windows 2003 Server; Microsoft
                                                                                            Windows 2000/2003 Server and DNS subsystem; and Cisco CSS DNS.
                                                                                            This STIG does not address the DNS configuration of DNS clients (i.e., the
                                                                                            workstations, servers, and network devices that query name servers).

Enclave                               V4R2     10-Mar-08    68      Yes - 1      Yes        This Security Technical Implementation Guide (STIG) on Enclave security        INFOCON, PPS CAL,
                                                                                            provides the information protection guidance necessary to implement secure     Communities Of Interest (COI),
                                                                                 No         Information Systems (ISs) and networks while ensuring interoperability.        NSTISSP No. 11, NIAP,
                                                                                            This document is aimed at identifying mitigating controls to aid in securing   Common Criteria, EAL, Mission
                                                                                            and protecting the perimeter and computing environment. This STIG              Assurance Category (MAC),
                                                                                            defines enclave security architecture as an integrated system supporting       Enclave Perimeter, Router,
                                                                                            Defense-in-Depth (DID). An enclave includes the “Enclave Perimeter” and        Firewall, Network IDS, DMZ,
                                                                                            “Computing Environment” layers in the DID architecture which includes all      IPv6, Real Time Services (RTS),
                                                                                            components of the network, application, and host layers.                       Vulnerability Assessments, VPN,
                                                                                                                                                                           Virtual Machine




Enterprise Resource Planning (ERP)    V1R1     7-Dec-06     34      Yes - 1      Yes        This STIG provides security configuration guidance for software products       Enterprise Resource Planning
                                                                                            designed to deliver enterprise-class system ERP functionality. For this        (ERP), Business Process, QA, 2-
                                                                                 No         STIG, ERP software will refer to all commercially available software           Tier/3-Tier Process Models,
                                                                                            packages that supply one or more of the functions generally found within       Shell Access, HIPAA, Sarbanes-
                                                                                            ERP packages. The functions include but are not limited to Human               Oxley Act (SOX)
                                                                                            Resources, Financial processes, Customer Relations Management (CRM),
                                                                                            sales, warehousing, inventory control, and manufacturing. This document
                                                                                            provides general security guidance. Vendor implementation of ERP
                                                                                            functionality does vary; and most commercial products provide only subsets
                                                                                            of all the functions generally associated with ERP.


Enterprise System Management (ESM)    V1R1     5-Jun-06     178     Yes - 1      Yes        This Enterprise System Management (ESM) Security Technical                     ESM, Tivoli, Tivoli Management
                                                                                  c         Implementation Guide (STIG) provides security configuration guidance for       Region (TMR), Tivoli
                                                                                 No         software products designed to deliver enterprise-class system management       Management Framework,
                                                                                  c         functions. This document provides both general and product-specific            Microsoft SMS, Configuration
                                                                                            security guidance. Vendor implementation of ESM functions does vary; and       Management, Fault
                                                                                            most commercial products provide only subsets of all the functions generally   Management, Performance
                                                                                            associated with ESM. Specific guidance is provided for Tivoli enterprise       Management, Accounting
                                                                                            management products and Microsoft Systems Management Server 2003.              Management, Security
                                                                                                                                                                           Management, Agent, Manager,
                                                                                                                                                                           ESM Repository,
                                                                                                                                                                           SNMP, Common Interface Model
                                                                                                                                                                           (CIM), Encryption, Integrity
                                                                                                                                                                           Checking




                                                                                             Page 7 of 20                                                                                        Updated: 7 October 2008
STIG Name                             Version     Date      Pages   Checklist Applicable ?   Summary                                                                     Key Topics
ESX Server                             V1R1     28-Apr-08    100     Yes - 1     Yes         This document contains a set of principles and guidelines that serve as the Virtualization, virtual machine
                                                                                   c         basis for establishing VMware ESX Server environments within the DoD.       monitors (VMM), ESX Server,
                                                                                  No         This STIG will focus on guidance for the ESX Server.                        resource manager, VMkernel,
                                                                                   c                                                                                     virtual machine file system
                                                                                                                                                                         (VMFS), VMotion, virtual
                                                                                                                                                                         infrastructure client (VI Client),
                                                                                                                                                                         distributed resource calendar
                                                                                                                                                                         (DRS), virtual symmetric multi-
                                                                                                                                                                         proceesing (SMP), VirtualCenter,
                                                                                                                                                                         iSCSI, vSwitch, VLAN, external
                                                                                                                                                                         switch tagging (EST), virtual
                                                                                                                                                                         switch tagging (VST), vpxuser,
                                                                                                                                                                         VMDK
Instant Messaging                     V1R2      15-Feb-08    47      Yes - 1      Yes        This document contains a set of principles and guidelines that serve as the Instant Messaging (IM), Peer-to-
                                                                                   c         basis for establishing instant messaging systems within the DoD. The        Peer (P2P), Managed Enterprise
                                                                                  No         requirements set forth in this document will assist Information Assurance   Services, PPS CAL, Internet
                                                                                   c         Managers (IAM), Information Assurance Officers (IAO), Network Security      Relay Chat (IRC), netsplit,
                                                                                             Officers (NSO), and System Administrators (SA) in the support of protecting Nickserv, Chanserv, Openserv,
                                                                                             DoD instant messaging systems. Instant messaging systems must provide Direct Client Connect (DCC),
                                                                                             secure, available, and reliable data for all customers. This document will  ICQ, Internet Relay Chat (IRC),
                                                                                             assist sites in meeting the minimum requirements, standards, controls, and netsplit, Client-to-Client Protocol
                                                                                             options that must be in place for secure instant messaging environments.    (CTCP), virtual meetings, virtual
                                                                                                                                                                         spaces

Internet Protocol Telephony (IPT) &    V2R2     21-Apr-06    65      Yes - 1      Yes        The Internet Protocol Telephony & Voice over Internet Protocol Security          Internet Protocol Telephony
Voice Over Internet Protocol (VoIP)                                                c         Technical Implementation Guide (IPT & VoIP STIG) is published as a tool to       (IPT), VoIP, H.323, SIP, Media
                                                                                  No         assist in securing networks and systems supporting Voice over Internet           Gateway Control Protocol
                                                                                   c         Protocol (VoIP) technology for the purpose of converging voice and data          (MGCP), VLANs, VTC, QoS,
                                                                                             networks by the use of IPT. VoIP is a process that enables the transfer of       Class of Service (CoS), 802.1Q,
                                                                                             voice data over a packet switched network as opposed to the traditional          802.1P, Call Manager,
                                                                                             circuit-switched network. IPT, if implemented properly, holds the promise of     Media/Signaling Gateways,
                                                                                             converged networks and unified communications. The scope of this STIG is         VoSIP, SVoIP, SVoSIP, IP soft
                                                                                             the application of security and certain performance requirements pertinent to    phones
                                                                                             the infrastructure that supports IPT systems employing VoIP technologies.
                                                                                             The focus of this STIG is on securing the technology, and not its specific
                                                                                             application within the DoD.

Network Infrastructure                 V7R1     25-Oct-07    154     Yes - 1      Yes        The intent of this STIG is to include security considerations at the network     VLANs, VPNs, AAA, Router,
                                                                                   c         level needed to provide an acceptable level of risk for information as it is     Network IDS, Real Secure, ACL,
                                                                                  No         transmitted throughout an enclave. This document will assist sites in            Firewall, Back-door connections,
                                                                                   c         meeting the minimum requirements, standards, controls, and options that          RFC 1918, NAT, DHCP, OOB
                                                                                             must be in place for secure network operations. The requirements in this         Management, BGP, Cisco
                                                                                             document will be employed at the boundary between DOD private LANs and           Discovery Protocol, NTP,
                                                                                             all WAN connections such as the Un-classified (but Sensitive) Internet           Ingress/Egress Filters, DDoS,
                                                                                             Protocol Routing Network (NIPRNet), and Secret Internet Protocol Router          Intermediate Distribution Frame
                                                                                             Network (SIPRNet).                                                               (IDF), VLAN Trunking, Port
                                                                                                                                                                              security, Port authentication,
                                                                                                                                                                              MIB, SNMP
OS/390 & z/OS                          V5R2     11-Sep-06    788     Yes - 4      Yes        OS/390 Security Design for most mainframe information systems deployed           OS/390 Unix, ACF2, RACF, TOP
                                                                                   c         throughout DOD use the International Business Machines (IBM) OS/390 or           SECRET, VTAM, LU 6.2, Front
                                                                                  No         z/OS operating system. Controls within OS/390 and z/OS have been                 End Processors,
                                                                                   c         developed and documented in IBM references to ensure operating system            MQSERIES/WebSphere MQ,
                                                                                             integrity is maintained. This document is in the process of transitioning from   TN3270, JES2,
                                                                                             OS/390 to z/OS. Any and all references to OS/390 will apply to both OS/390       CL/SUPERSESSION, TSO, NC-
                                                                                             and z/OS. Security mechanisms that provide MAC II Sensitive level controls       PASS Authenticator
                                                                                             for the OS/390 and z/OS operating environments are implemented by the
                                                                                             addition of Access Control Products (ACPs). The ACPs currently in use
                                                                                             throughout DOD are: Access Control Facility 2 (ACF2); Resource Access
                                                                                             Control Facility (RACF); and TOP SECRET (TSS). To maintain the integrity
                                                                                             of the site, the ACP must be properly installed and configured.




Personal Computer Communications      V1R1     11-Jun-08    84      Yes - 1     Yes         The Personal Computer (PC) Communications Client STIG, addresses the               soft-phone application, soft-VTC
Client (Voice/Video/Collaboration)                                                c         IA issues surrounding the use and implementation of PC software                    application, instant messaging
                                                                                 No         applications that enable the PC to act as a client for various interactive real-   (IM), chat, Unified
                                                                                  c         time and near real-time communications systems and services; many of               Communications, CNSSI 5000,
                                                                                            which enable collaboration in one form or another. The primary focus of this       CNSSI 5001, on/hook idle audi
                                                                                            STIG is PC applications and accessories that enable voice and video                security, VoIP, VTC, PTZ,
                                                                                            communications with IP based telephone and VTC systems.                            personal phone gateways (PPG),
                                                                                            Communications services that were once based in separate applications are          analog telephone adapter (ATA),
                                                                                            now merging into single all inclusive communications applications or suites        USB phones, stick-phone,
                                                                                            of applications that can be quite complex. Additionally addressed are              webcam, speakerphone,
                                                                                            configuration, implementation, and architecture requirements for the PC            Computer Telephony Integration
                                                                                            platforms, their connection to a supporting network, and certain aspects of        (CTI)
                                                                                            the network configuration in conjunction with other related STIGs. Server
                                                                                            side issues and the overall communications/collaboration system
                                                                                            architecture are not addressed.

S/390 Logical Partition               V2R2     4-Mar-05     92      Yes - 1      Yes        This document defines the requirements, standards, controls, and options           LPAR, Amdahl, Hitachi Data
                                                                                  c         that must be in place for each LPAR in a processing complex to comply with         Systems, IBM, System Control
                                                                                 No         the MAC II Sensitive requirements. The requirements set forth in this              Process (SCP), Enterprise
                                                                                  c         document are for S/390 LPARs and for the hardware and software used to             System Connection (ESCON),
                                                                                            support LPARs at the DOD sites. Many of the sites running S/390 are doing          ACF2, RACF, TOP SECRET,
                                                                                            so on processors capable of executing multiple environments concurrently.          Sysplex, Cross-System Coupling
                                                                                            In addition to the security required within S/390, additional requirements are     Facility (XCF), Integrated
                                                                                            necessary to ensure the integrity of each environment. Also, controls will be      Cryptographic Services Facility
                                                                                            in place to ensure the separation of data with different classification levels.    (ICSF), IOCDS, IOCP, HCD
                                                                                            Each manufacturer uses a different term for describing a Logical Partition.
                                                                                            Amdahl uses the term domain. Hitachi Data Systems (HDS) and IBM both
                                                                                            use the term LPAR. Throughout this document, LPAR is used generically to
                                                                                            refer to any manufacturer’s logical partition.

Secure Remote Computing               V1R2     10-Aug-05    60        No         Yes        This Secure Remote Computing Security Technical Implementation Guide               Remote Access, Broadband,
                                                                                  c         (STIG) provides the technical security policies and requirements for               DSL, ISDN, Cable Modem,
                                                                                 No         providing a secure remote access environment to users in Department of             Satellite, VPN, AAA, RADIUS,
                                                                                  c         Defense (DOD) components. This document discusses both the remote user             "Road Warriors", Telework,
                                                                                            environment and the network site architecture that supports the remote user.       Wireless, Network Access
                                                                                            The intent of this STIG is to include security considerations at the network       Server, Dial-up, Personal
                                                                                            and remote user level that are needed to provide an acceptable level of risk       Firewalls, Web Browser security,
                                                                                            for information as it is transmitted to a network enclave and potentially to       Anti-Virus, Mobile Code
                                                                                            other sites. Further information on remote access is also provided in the
                                                                                            Secure Remote Access Service Addendum, which is available on the IASE
                                                                                            web site. This addendum provides a technical overview of a general DOD

Sharing Peripherals Across the        V1R1     28-Jul-06    54      Yes - 4      Yes        This Sharing Peripherals Across the Network (SPAN) Security Technical              Storage Area Networks (SAN),
Network (SPAN)                                                                    c         Implementation Guide (STIG) provides the technical security policies,              KVM, USB, Multifunction
                                                                                 No         requirements, and implementation details for applying security concepts to         devices, Fibre Channel, HBA,
                                                                                  c         Commercial-Off-The-Shelf (COTS) hardware peripheral devices. For this              Zoning, Logical Unit Number
                                                                                            STIG, peripheral will mean, “any device that allows communication between          (LUN), A/B Switches, Firewire
                                                                                            a system and itself, but is not directly operated by the system”. However,
                                                                                            this document does not deal with devices found wholly contained within the
                                                                                            main cabinet of the computer or, with the exception of A/B switches, those
                                                                                            devices connected via legacy parallel and serial interfaces.




Tandem                                V2R2     4-Mar-05     224     Yes - 1      Yes        The intent of this Tandem Security Technical Implementation Guide (STIG)           Command Interpreter Monitor
                                                                                  c         is to include security considerations needed to provide an acceptable level        (CMON), Block Mode Operating
                                                                                 No         of risk for the information that resides on the Tandem systems. This               System Services (BOSS),
                                                                                  c         Tandem STIG covers the operating system(s) (OS), applications, and                 Transaction Data-Level Monitor
                                                                                            security tools to include Tandem NonStop SQL (NSSQL), Tandem Enscribe,             (TM/MP), Tandem Kernel,
                                                                                            Block Mode Operating System Services (BOSS), and Command Interpreter               Tandem Advanced Command
                                                                                            Monitor (CMON).                                                                    Language (TACL), Event
                                                                                                                                                                               Management Service (EMS),
                                                                                                                                                                               Safeguard


Unisys                        V7R2   28-Aug-06    326     Yes - 1     Yes         This document will define the minimum requirements, standards, controls,           Unisys, U2200 mainframe,
                                                                        c         options and procedures that have to be in place for the Unisys Executive           ClearPath Enterprise servers,
                                                                       No         and standard system software to meet MAC II sensitive compliance as                OS 2200, HMP IX, Site
                                                                        c         described in the DoDI 8500.2. The requirements set forth in this document          Management Complex (SIMAN),
                                                                                  are for the Unisys hardware (U2200 mainframes or ClearPath IX enterprise           Core Automated Maintenance
                                                                                  servers), Executive, and standard system software (all software not written        System (CAMS), Remote Site
                                                                                  or procured by individual AISs) hereinafter referred to simply as Unisys.          Interface (RSI), console mode,
                                                                                  The original target audience for this Security Technical Implementation            Keyins, TIP, MODPS$, DataBase
                                                                                  Guide (STIG) was DISA facilities using the Access and Location Number              Editor (DBE), MAPPER
                                                                                  (ALN) modification of the standard Unisys software. As a consequence, this
                                                                                  STIG contains many ALN specific policies, procedures and settings.


Unix                          V5R1   28-Mar-06    158     Yes - 1      Yes        This document provides requirements and associated steps to limit the              Sun Solaris, HP-UX, AIX, SGI
                                                                        c         security vulnerabilities for a UNIX system. These requirements are                 IRIX, LINUX, network services,
                                                                       No         designed to assist Security Managers (SMs), Information Assurance                  kernel, cron, at, suid, sgid, sticky
                                                                        c         Managers (IAMs), Information Assurance Officers (IAOs), and System                 bit, NFS, NIS, TCP WRAPPERS,
                                                                                  Administrators (SAs) with configuring and maintaining security controls in a       X Windows, PATH, shells,
                                                                                  UNIX environment. This document provides security requirements for all             umask, sendmail, ftp, telnet, ssh,
                                                                                  common variants of UNIX.                                                           daemons, DNS, Samba,
                                                                                                                                                                     Tripwire, Bastille, PAM

Video Tele-Conference         V1R1    8-Jan-08    122       No         Yes        The purpose of this document is to provide IA guidance for securing VTC            VTC, CODEC, ISDN, PSTN,
                                                                        c         communications. The initial release of this STIG will focus on endpoints or        Inverse Multiplexer, H.320,
                                                                       No         the interface between the human and the wire or the network. The guidance          H.323, Session Initiation Protocol,
                                                                        c         here is weighted heavily towards confidentiality. This STIG is applicable          Real Time Protocol, Polycom,
                                                                                  to all types of VTC endpoints without regard to their location, method of          Tandberg, VCON, Aethra, VTU,
                                                                                  information transport, connected network, or platform. This document               webcam, Multipoint Control Unit,
                                                                                  applies to both conference room systems and systems of all sizes and types         Real Time Service, QOS,
                                                                                  that are located in an office or other work area as well as devices connected      Differential Service Code Point,
                                                                                  to unclassified or classified networks processing unclassified or classified       Far End Camera Control, auto-
                                                                                  information. The primary focus of the configuration and access control             answer, H.235, H.350, H.245,
                                                                                  requirements in this STIG is on hardware/appliance based systems.                  streaming, multicast, VLANs,
                                                                                  Additional configuration and access control requirements for PC based              IEEE 802.1x, H.225, T.120,
                                                                                  software/application VTC endpoints and collaboration applications that             whiteboard, EIA-366, EIA-530
                                                                                  provide voice and video communications/conferencing will be found in a to
                                                                                  be published document covering PC workstation communications soft
                                                                                  clients.

Web Server                    V6R1   11-Dec-06    67      Yes - 6      Yes        The purpose of this STIG is to assist Department of Defense (DoD) sites in         Open Web Application Security
                                                                                  planning web server deployment and securing already-deployed web                   Project (OWASP), CGI, PERL,
                                                                                  servers in an effort to achieve the minimum requirements, standards,               Java, JavaScript, J2EE,
                                                                                  controls, and options for secure web server operations. The contents of this       Windows Script Host (WSH),
                                                                                  STIG are intended to facilitate the security research, planning, design,           XML, ASP.NET, SOAP, WSDL,
                                                                                  installation, deployment, and operational maintenance of the web server            UDDI, SAML, LDAP, cross-site
                                                                                  lifecycle. Specific security configuration guidance for the                        scripting, Server Side Includes,
                                                                                  Netscape/iPlanet/Sun JAVA System Server, Apache, and Microsoft Internet            Content Approval, SSL/TLS,
                                                                                  Information Server (IIS) applications can be found in the companion Web            Open Source Software
                                                                                  Server Checklists, which are external to this STIG.



Windows 2003/XP/2000/Vista    V6R1   21-May-07    68      Yes - 4      Yes        This Addendum to Microsoft’s Security Guides for Windows 2003, XP and              Windows Registry, ACLs,
Addendum                                                                          Vista and NSA’s Guides to Securing Windows 2000 was developed to                   Internet Explorer, Security
                                                                                  enhance the confidentiality, integrity, and availability of sensitive Department   Zones, Media Player, Caching,
                                                                                  of Defense (DoD) Automated Information Systems (AISs) using the                    DCOM, Group Policy, Terminal
                                                                                  Windows 2003, 2000, XP and Vista operating systems (OSs).                          Services,




                                                                                  Page 10 of 20                                                                                                Updated: 7 October 2008
STIG Name                     Version     Date      Pages   Checklist Applicable ?   Summary                                                                         Key Topics
Windows Desktop Application    V3R1     9-Mar-07     112     Yes - 1     Yes         This Windows Desktop Application Security Technical Implementation              Desktops, Clients, Anti-Virus
                                                                                     Guide (STIG) provides the technical security policies, requirements, and        Software, Web Browsers, E-mail
                                                                                     implementation details for applying security concepts to Commercial-Off-        Clients, Anti-Spyware Software,
                                                                                     The-Shelf (COTS) applications. Given the very large set of applications,        IM, P2P, File Type Associations,
                                                                                     environments, and implementation strategies, it is not possible to              Mobile Code, Windows Script
                                                                                     adequately cover every instance. This document provides general guidance        Host (WSH), SSL, DoD PKI,
                                                                                     on some of the commonly found desktop applications in the most commonly         ActiveX, JavaScript, VBScript,
                                                                                     found desktop operating system environments. Web browsers and e-mail            HTML, Macros, Remote Access
                                                                                     clients were given priority, because they are most common. Anti-virus           Devices, Portable Electronic
                                                                                     products, because of their strategic importance in preventing problems,         Devices, Personal Firewalls,
                                                                                     were also a priority. Appendices exist that apply the general guidance to       USB Devices, VPN Clients,
                                                                                     specific products and versions of commonly found applications. For              Cookies, Browser Helper Objects
                                                                                     applications not specifically defined in the Appendices, guidance from the
                                                                                     general section should be used to secure the application.

Wireless                      V5R2      15-Nov-07    76      Yes - 5      Yes        This STIG supports the design, implementation, and management of                WLAN, WPAN, WWAN, IEEE
                                                                                     wireless devices and networks that are used to provide email and other          802.11, IEEE 802.1x, Wi-Fi,
                                                                                     information technology services to mobile workers in the DoD and provides       SSID, WEP, WPA, WPA2, VoIP,
                                                                                     implementation guidance for DoD Directive 8100.2 and ASD-NII 2 June             RFID, Free Space Optics, IR,
                                                                                     2006 memorandum providing supplemental policy and guidance to DoDD              PDAs, PEDs, Paging, 2-way E-
                                                                                     8100.2. The target is for commercial wireless systems, networks, and            mail, Blackberry, BES,
                                                                                     devices that are used to provide office type services (e.g., email, travel      smartphones, SME PED,
                                                                                     applications, connections to office networks) using commercially available      Wireless keyboard, Wireless
                                                                                     wireless equipment and wireless carriers and operated in either office or       mouse, Cellular, Bluetooth,
                                                                                     operational/tactical environments. The intent is for the requirements in this   MIMO, FHSS, DSSS, Wireless
                                                                                     STIG to supplement other OS and network STIGs so that a seamless                IDS, Secure WLAN (SWLAN),
                                                                                     security infrastructure can be maintained within the DoD enterprise.            SecNet, CTTA, Windows Zero
                                                                                                                                                                     Configuration (WZC) service,
                                                                                                                                                                     GSM, GPRS, Subscriber Identity
                                                                                                                                                                     Module (SIM) cards




DISA Security Technical Implementation Guides (STIG) List and Summary
STIG Name (Drafts)                               Version     Date       Existing
ISA Server 2006 Addendum                         V1R0.1    11-Jan-08       NO
DoD NIPRNet DMZ, Increment 1, Phase 1            V1R0.4    8-May-08        NO
DISA Security Technical Implementation Guides (STIG) Checklists                        Updated: 7 October 2008

Checklist                                                     Version        Date      STIG
Biometric Security Checklist for the Access Control STIG       V2R1.1      7-Nov-07    Access Control In Support of Information
                                                                                       Systems STIG
Application Security and Development Checklist                 V2R1.1      24-Jul-08   Application Security and Development
                                                                                       STIG
Application Services Security Checklist                        V1R1.1      31-Jul-06   Application Services STIG
Backbone Transport Services Checklist                          V2R1.2      19-May-08 Backbone Transport Services STIG
Cisco Router Checklist Procedure Guide - Supplement to          V2R1       11-Jul-07   Backbone Transport Services STIG
Backbone Transport Services Checklist V2R1
Juniper Router Checklist Procedure Guide - Supplement           V2R1       11-Jul-07   Backbone Transport Services STIG
to Backbone Transport Services Checklist V2R1
Database Security Checklist                                    V8R1.1      7-Nov-07    Database STIG
Generic Database Security Checklist                            V8R1.1      8-Jan-08    Database STIG
Directory Services Security Checklist                          V1R1.3      28-Mar-08 Directory Services STIG
DATMS Checklist                                                V1R1.1      19-Apr-06 DISN Asynchronous Transport Mode
                                                                                      Services (DATMS) STIG
HBSS Checklist                                                 V1R2.1      23-May-08 DoD Information Assurance Enterprise
                                                                                      Solutions STIG
Checklist for DoD Secure Telecommunications and                 V1R2       15-Nov-06 DoD Secure Telecommunications and
Defense Red Switch Network (DRSN)                                                     Defense Red Switch Network (DRSN)
DoD Telecommunications and Defense Switched Network            V2R3.4       15-Jul-08 DoD Telecommunications and Defense
(DSN) Checklist                                                                       Switched Network (DSN) STIG
Domain Name System (DNS) Security Checklist                    V4R1.4      15-Sep-08 Domain Name System (DNS) STIG
Enclave Security Checklist                                      V4R3       17-Jul-08   Enclave STIG
Enterprise Resource Planning Checklist for Generic             V1R1.1      10-Apr-07 Enterprise Resource Planning (ERP)
Implementations                                                                      STIG
Enterprise System Management (ESM) Security Checklist          V1R1.3      10-Apr-07 Enterprise System Management (ESM)
                                                                                     STIG
ESX Server Checklist                                           V1R1.2      3-Sep-08 ESX Server STIG


Instant Messaging Checklist                                   V1R1.4      18-Jul-08   Instant Messaging STIG
IP Telephony & Voice Over IP (VOIP) Checklist                 V2R2.4      15-Aug-08 IP Telephony & Voice Over IP (VOIP)
                                                                                    STIG
Network Security Checklists                                   V7R1.5      18-Jul-08 Network Infrastructure STIG
OS/390 & z/OS ACF2 Checklist                                  V5R2.9        Jul-08    OS/390 & z/OS STIG
OS/390 & z/OS RACF Checklist                                  V5R2.9        Jul-08    OS/390 & z/OS STIG
OS/390 & z/OS Self Assessment Checklist                       V5R2.9        Jul-08    OS/390 & z/OS STIG
OS/390 & z/OS TSS Checklist                                   V5R2.9        Jul-08    OS/390 & z/OS STIG
Personal Computer Communications Client Checklist             V1R1.1      15-Aug-08 Personal Computer Communications
                                                                                    Client STIG
MVS Logical Partition (LPAR) Checklist                        V2R1.4       Apr-06   S/390 Logical Partition STIG
Keyboard, Video, and Mouse (KVM) Switch Checklist for         V1R1.2      14-Apr-06 Sharing Peripherals Across the Network
SPAN STIG                                                                           (SPAN) STIG
Multi-Functional Device (MFD) and Printer Checklist for       V1R1.2      14-Apr-06 Sharing Peripherals Across the Network
SPAN STIG                                                                           (SPAN) STIG
Storage Area Network (SAN) Checklist for SPAN STIG            V1R1.3      19-May-06 Sharing Peripherals Across the Network
                                                                                    (SPAN) STIG
Universal Serial Bus (USB) Checklist for SPAN STIG            V1R1.2      14-Apr-06 Sharing Peripherals Across the Network
                                                                                    (SPAN) STIG
Tandem Security Checklist                                     V2R1.2      17-Apr-04 Tandem STIG
Unisys Checklist                                               V7R2       24-Nov-06 Unisys STIG
Unix Security Checklist                                      V5R1.14      15-Sep-08 Unix STIG
Web Apache Checklist                                          V6R1.7      25-Jul-08   Web Server STIG
Web Generic Checklist                                         V6R1.6      25-Jul-08   Web Server STIG
Web IIS Checklist                                             V6R1.9      25-Jul-08   Web Server STIG
Web Netscape / Sun JAVA Checklist                             V6R1.3      25-Jul-08   Web Server STIG
Web Tomcat Checklist                                          V6R1.3      25-Jul-08   Web Server STIG



Web Weblogic Checklist                                  V6R1.3      25-Jul-08   Web Server STIG
Windows 2000 Security Checklist                         V6R1.8      26-Sep-08 Windows 2003/XP/2000/Vista Addendum
Windows Server 2003 Security Checklist                  V6R1.8      26-Sep-08 Windows 2003/XP/2000/Vista Addendum
Windows Vista Security Checklist                        V6R1.8      26-Sep-08 Windows 2003/XP/2000/Vista Addendum
Windows XP Security Checklist                           V6R1.8      26-Sep-08 Windows 2003/XP/2000/Vista Addendum
Windows Server 2008 Security Checklist                  V6R1.1      25-Jul-08   Windows 2003/XP/2000/Vista Addendum
Desktop Application Security Checklist                  V3R1.7      26-Sep-08 Windows Desktop Application STIG
Wireless Security Checklist                             V5R2.2      26-Mar-08 Wireless STIG
Wireless STIG Apriva Sensa Secure Mobile Email System   V5R2.1      15-Nov-07 Wireless STIG
Security Checklist
Wireless STIG Blackberry Checklist                      V5R2.2      15-Sep-08 Wireless STIG
Wireless STIG Motorola Good Mobile Messaging Wireless   V5R2.1      15-Nov-07 Wireless STIG
Email System Security Checklist
Wireless STIG Windows Mobile Messaging Wireless         V5R2.2      8-May-08    Wireless STIG
Email System Security Checklist
Wireless STIG Secure Mobile Environment (SME)           V1R1.1      24-Jul-08   Wireless STIG
Portable Electronic Device (PED) System Security
Checklist

.NET Framework Security Checklist                       V1R2.1      21-Sep-07
Best Security Practices Checklist                        V2R1       29-Jan-07
DISA NetOps Program/System/Application/Service           V2R1       31-Aug-07
Readiness Checklist
DoD Enterprise DMZ Checklist                             V1R1       31-Oct-05
DoDI 8500.2 IA Control Checklists                       V1R1.4      28-Mar-08
Open VMS Security Checklist                             V2R2.3      17-Apr-06
REL-DMZ Checklist                                        V1R1       31-Oct-05



REL-LAN Checklist                                       V1R1.2      23-Jan-07




                                                          - DoD IA Portal - STIG Folder Structure -

          With the movement of STIG, Checklists, SRRs and other related content from the DISA IASE site to the DoD IA Portal, the file/folder structure
          layout supporting these items has changed as well. No longer are the STIGS, Checklists, and SRRs found in separate areas. These items are now
          logically grouped together in a series of folders. This can be confusing for those familiar with the old IASE structure. To help the user to navigate
          the DoD IA Portal STIG Knowledge Area, a copy of the folder structure has been replicated below. Note that the STIG related elements are split
          between two principal areas: 'DoD Security Guides and Tools' and 'FOUO Guidance'. The vast majority of the content is found in the 'DoD Security
          Guides and Tools' folder. In the case the STIG or Checklist hyperlinks don't work, it is probably caused by the referenced version being replaced by
          a newer version. In those cases the user can use the folder structure below to hopefully find the newer version.


AKO Files Home -> U.S. Army Organizations -> DoD Organizations -> OSD -> DoD IA Portal -> Field Security -> Guides (STIGs) -> DoD Security Guides and Tools
          Application Security Guides
                      Access Control
                      App Security and Development
                      Application Services
                      Best Security Practices Checklist
                      Database
                      Defense Switched Network (DSN)
                      Desktop Applications
                      Directory Services
                      Enterprise Resource Planning
                      Enterprise System Management
                      Instant Messaging
                      Open VMS
                      Personal Computer Communications Client
                      Video TeleConferencing (VTC)
                      Voice Over Internet Protocol
                      Web
          Draft Security Guidance
          Enclave Policy Security Guides
                      Enclave STIG
                      Traditional Security
          Networking Security Guides
                      DNS
                      Network STIG
                      SPAN STIG
                      Wireless
          OS Security Guides
                      ESX Guidance
                      Mac OS
                      OS 390
                      Tandem
                      Unisys
                      Unix
                      Windows


AKO Files Home -> U.S. Army Organizations -> DoD Organizations -> OSD -> DoD IA Portal -> Field Security -> Guides (STIGs) -> FOUO Guidance
          Application Security Guides
                      Defense Red Switch Network
          Draft Security Guidance
          Enclave Policy Security Guides
                      Enclave STIG Appendix B
          Networking Security Guides
                      Backbone Transport Services
                      DATMS
                      REL Checklists
                      SABI
          Traditional Security Guidance
          Tunneling Position Paper

				