Examples of STIG in a sentence
Apply hardware and software hardening procedures as recommended by Center for Internet Security (CIS) guides https://www.cisecurity.org/, Security Technical Implementation Guides (STIG) http://iase.disa.mil/Pages/index.aspx, or similar industry best practices to reduce the systems’ surface of vulnerability, eliminating as many security risks as possible and documenting what is not feasible or not performed according to best practices.
The contractor shall ensure that all infrastructure deliverables comply with the Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) and Computer Network Defense (CND), which includes the need for source code scanning, the DISA Database STIG, and a Web Penetration Test to mitigate vulnerabilities associated with SQL injections, cross-site scripting, and buffer overflows.
The contractor shall ensure that all infrastructure deliverables comply with the Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) and Computer Network Defense (CND), which includes the need for source code scanning, the DISA Database STIG, and a Web Penetration Test to mitigate vulnerabilities associated with SQL injections, cross-site scripting and buffer overflows.
Apply hardware and software hardening procedures as recommended by Center for Internet Security (CIS) guides https://www.cisecurity.org/, Security Technical Implementation Guides (STIG) http://iase.disa.mil/Pages/index.aspx, or similar industry best practices to reduce the TO Contractor/subcontractor’s systems’ surface of vulnerability, eliminating as many security risks as possible and documenting what is not feasible and/or not performed according to best practices.
Apply hardware and software hardening procedures as recommended by Center for Internet Security (CIS) guides https://www.cisecurity.org/, Security Technical Implementation Guides (STIG) https://public.cyber.mil/stigs/, or similar industry best practices to reduce the systems’ surface of vulnerability, eliminating as many security risks as possible and documenting what is not feasible or not performed according to best practices.
The Contractor shall also ensure and certify that their solution functions as expected when used from a standard VA computer, with non-admin, standard user rights that have been configured using the United States Government Configuration Baseline (USGCB) and Defense Information Systems Agency (DISA) Secure Technical Implementation Guide (STIG) specific to the particular client operating system being used.
To address security concerns with the ongoing operation of the TOE in the field, a product-specific STIG is prepared in conjunction with the Common Criteria evaluation.
Install and configure any device having a STIG or SRG in accordance with that STIG or SRG.
SRGs are developed by DISA to provide general security compliance guidelines and serve as source guidance documents for STIGs. When a STIG is not available for a product, an SRG may be used.
If a control has a STIG or SRG associated through CCIs, the vulnerabilities identified by STIG or SRG assessments will be used to inform the overall vulnerability severity value for the security control.