There's also a new STIG collaboration portal for peer-to-peer collaborations that sidesteps the help desk.

Pam Baker

May 29, 2019

2 Min Read
Standards
Shutterstock

The Department of Defense (DoD) gave the Information Assurance Support Environment (IASE) portal the boot this month and replaced it with the new website, Cyber.mil. The Defense Information Systems Agency (DISA) already has migrated its Security Requirements Guides (SRGs) and Security Technology Implementation Guides (STIGs) to the new hosting site.

“If a vendor is interested in developing a STIG, [DISA guides them] to develop the STIG using the agency’s format,” said Sue Kreigline, chief of DISA’s cyber standards branch. “[However], not every vendor gets a STIG. We have to apply some limiting factors to what gets a STIG. The biggest factor for determining whether a STIG gets written is the [volume of the product’s usage] within DOD. It’s not the only factor, but it’s the biggest factor,” she said.

The agency says it “releases STIGs on a quarterly basis, in addition to issuing ad-hoc releases for items requiring immediate fixes.”

Access to Cyber.mil is restricted to those with a DOD-issued Common Access Card (CAC). According to Kreigline, the new portal hosts:

  • More than 350 security guides.

  • Security content automation protocols.

  • A STIG viewer capability, which enables offline data entry and provides the ability to view one or more STIGs in a human-readable format.

  • A STIG applicability tool, which assists in determining what SRGs and STIGs apply to specific situations.

  • A Windows 10 Secure Host Baseline download.

There’s also a “sunset list” containing STIG documents that the agency no longer maintains or supports. But that doesn’t mean you can’t still use them.

“Even if a document is on the sunset list, and you’re still using the product, you should continue using that document,” Kreigline said. “Just because it’s on the list, if you’re still running the product, you can still use that document.”

The Cyber Standards Branch also announced a new STIG collaboration portal for peer-to-peer collaborations that completely sidesteps the help desk.

Jason Mackanick, a DISA information technology (IT) specialist, said the collaboration portal grew partly from the questions his team received “from mission partners inquiring about which STIGs applied to them. We have content and tools that we’d like to get out to the community in an earlier fashion to get feedback before we go into the production side.”

The collaboration portal is also restricted to CAC holders and can be accessed here.

Read more about:

MSPs

About the Author(s)

Pam Baker

Pam Baker

A prolific writer and analyst, Pam Baker’s published work appears in many leading print and online publications including Security Boulevard, PCMag, Institutional Investor magazine, CIO, TechTarget, Linux.com and InformationWeek, as well as many others. Her latest book is “Data Divination: Big Data Strategies.” She’s also a popular speaker at technology conferences as well as specialty conferences such as the Excellence in Journalism events and a medical research and healthcare event at the NY Academy of Sciences.

See more from Pam Baker
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal