DoD’s Cyber.mil Replaces IASE as Host for Cybersecurity Standards
The Department of Defense (DoD) gave the Information Assurance Support Environment (IASE) portal the boot this month and replaced it with the new website, Cyber.mil. The Defense Information Systems Agency (DISA) already has migrated its Security Requirements Guides (SRGs) and Security Technology Implementation Guides (STIGs) to the new hosting site.
“If a vendor is interested in developing a STIG, [DISA guides them] to develop the STIG using the agency’s format,” said Sue Kreigline, chief of DISA’s cyber standards branch. “[However], not every vendor gets a STIG. We have to apply some limiting factors to what gets a STIG. The biggest factor for determining whether a STIG gets written is the [volume of the product’s usage] within DOD. It’s not the only factor, but it’s the biggest factor,” she said.
The agency says it “releases STIGs on a quarterly basis, in addition to issuing ad-hoc releases for items requiring immediate fixes.”
Access to Cyber.mil is restricted to those with a DOD-issued Common Access Card (CAC). According to Kreigline, the new portal hosts:
- More than 350 security guides.
- Security content automation protocols.
- A STIG viewer capability, which enables offline data entry and provides the ability to view one or more STIGs in a human-readable format.
- A STIG applicability tool, which assists in determining what SRGs and STIGs apply to specific situations.
- A Windows 10 Secure Host Baseline download.
There’s also a “sunset list” containing STIG documents that the agency no longer maintains or supports. But that doesn’t mean you can’t still use them.
“Even if a document is on the sunset list, and you’re still using the product, you should continue using that document,” Kreigline said. “Just because it’s on the list, if you’re still running the product, you can still use that document.”
The Cyber Standards Branch also announced a new STIG collaboration portal for peer-to-peer collaborations that completely sidesteps the help desk.
Jason Mackanick, a DISA information technology (IT) specialist, said the collaboration portal grew partly from the questions his team received “from mission partners inquiring about which STIGs applied to them. We have content and tools that we’d like to get out to the community in an earlier fashion to get feedback before we go into the production side.”
The collaboration portal is also restricted to CAC holders and can be accessed here.