Git Product home page Git Product logo

disa-stigs's Introduction

DISA-STIGs

A collection of scripts to address DISA Stig Vulnerabilities

STIGs

Many of the various DISA STIGs can be addressed using scripts. This repository is intended to capture these scripts.

These scripts were developed to support multiple environments containing many (approximately 50 VMs each). Due to the VM volume, our organization decided to focus on STIGs that can be validated and remidied using automation. Tennable/Nessus is used to scan the VMs and apply these scripts to address the vulnerabilities. Keep in mind that many STIGs can be addressed with one script, therefore we use Tennable in an iterative fashion.

AWS System Manager or System Center can be used to apply the powershell scripts across the fleet.

Active Directory can be used to apply Registry based STIGs via Group Policy Objects (GPO)

OS STIGs - Coming soon

OS STIGs are deployed as Active Directory Group Policy Objects

SQL Server STIGs

SQL Server Central Management Server is used to deploy SQL scripts across the fleet. A good article on CMS is: https://www.sqlservercentral.com/articles/manage-your-environment-with-cms

  • V-213930.sql
  • V-213934.sql
  • V-213938.sql
  • V-213960.sql
  • V-213964.sql
  • V-213967.reg
  • V-213975.sql
  • V-213991.sql
  • V-214028.sql
  • V-214029.sql
  • V-214037.sql

After applying these STIGs, will acheive a 80% Pass rate. Remaining CAT-I violations are all manual checks.

This list is incomplete, more will be released as they are vetted.

IIS STIGs

  • V-218786.ps1
  • V-218789.ps1
  • V-218798.ps1
  • V-218807.ps1
  • V-218815.ps1
  • V-218821.reg
  • V-218824.ps1
  • V-218825.ps1
  • V-218819.reg

Contributions If you have a script or scripts or other autmateable means to address certain STIGs please submit them as issues and we will attempt to incorporate them. Feel free to include attribution header information.

Cloud Agents

The Agents folder contains are AWS Documents for deploying various agents across a fleet using Systems Manager. Supported agents are

  • Nessus (Tennable)
  • WAZUH
  • CrowdStrike

You will need to provide your own keys and buckets to the content provided.

My hope is that AWS or the agent vendors will take this content and use the knowedge here to develop and maintain Agent distributions for AWS

disa-stigs's People

Contributors

jlongo62 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.