What is DISA SCC?

Posted on by Dominique Stacey

What is DISA SCC?

The SCAP Compliance Checker is an automated compliance scanning tool that leverages the DISA Security Technical Implementation Guidelines (STIGs) and operating system (OS) specific baselines to analyze and report on the security configuration of an information system.

What is ASD STIG?

DISA ASD STIG includes the Defense Information Systems Agency (DISA), Application Security and Development (ASD), and Security Technical Implementation Guides (STIG). They’re a set of guidelines for securing desktop and enterprise applications used by the Department of Defense.

What is DISA and STIG?

DISA STIG refers to an organization (DISA — Defense Information Systems Agency) that provides technical guides (STIG — Security Technical Implementation Guide). DISA oversees the IT and technological aspects of organizing, delivering, and managing defense-related information.

What is DISA STIG compliance?

Security Technical Implementation Guides (STIGs) are configuration standards developed by the Defense Information Systems Agency (DISA). They are designed to make device hardware and software as secure as possible, safeguarding the Department of Defense (DoD) IT network and systems.

What is SCC tool?

The Naval Information Warfare Center (NIWC) has posted a survey for the Security Compliance Checker (SCC) tool to gather feedback from the field on use cases and suggested improvements.

What is a STIG Checklist?

A Security Technical Implementation Guide (STIG) is a configuration standard consisting of cybersecurity requirements for a specific product. The use of STIGs enables a methodology for securing protocols within networks, servers, computers, and logical designs to enhance overall security.

How often are STIG checklists updated?

A new set of STIGs come out every 90 days.

What is the difference between Stig and SCAP?

STIG: The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. https://iase.disa.mil/stigs/Pages/index.aspx. SCAP: The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas.

How do I check my STIG Checklist?

Now go to https://public.cyber.mil/stigs/downloads/ and download the STIG checklists for your environment. Once you have downloaded the appropriate STIGs, in STIG viewer click file and then Import STIG. Browse to the zip file of the STIG and select it.

Who is responsible for STIGs?

STIGs, otherwise known as ‘Security Technical Implementation Guides’ are published by DISA (The Defense Information Systems Agency) and must be adhered to by any organization that is connecting to the US Department of Defense’s networks (DoD).