Security Basics mailing list archives

Re: STIG Implementation

From: Rob Riggins <rigtenzin () gmail com>
Date: Thu, 16 Aug 2012 13:56:52 -0500

My advice with the Gold Disk is to definitely not run the automated
remediation process. Make the changes manually, because the
remediation process can break things. But of course, you can break
things manually too, but at least you will have an idea what you did,
if you remediate manually.

Gold Disk only reviews Windows and some installed components. The Gold
Disk is being phased out this year. You have two other choices: SCAP
tools and manual reviews.

What other components are on the server? You will need to review those
components with the corresponding STIGs too.

For STIG reviews, use the STIG Viewer. It will create checklists from
STIGs. After you manually run through the checklist items, you can
create an export file to upload to VMS (if that's where the results
are going).

Will you upload the results into VMS?

I could write a tiny book on this. This process can be very
frustrating if you are doing it without someone guiding you.

Rob


On Tue, Jul 31, 2012 at 4:59 PM, <JNMiller1978 () gmail com> wrote:


Hello All,

I am new to the IA field and was wondering if anyone would like to share
some of their experience with STIG Implementation.  I am going through them
manually no as I have not gained access to Gold Disk yet.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




--
Rob Riggins
Minneapolis, MN

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

STIG Implementation JNMiller1978 (Aug 01)
- RE: STIG Implementation Cate, Jim (Aug 01)
- Re: STIG Implementation Rob Riggins (Aug 16)
  - RE: STIG Implementation Keith Kooyman (Aug 17)
    - RE: STIG Implementation THOMAS, DEDRIC (Aug 21)