Monday, October 29, 2012

October 2012 DISA updates

It's been a while since I last posted....I've had a lot of irons in the fire lately.  And, it doesn't help that we have gotten really busy, or were.  Now, there are artifacts and documentation to create.

So, in doing some research for a particular client, I surfed over to DISA's site and found that they had released a whole bunch of STIGs for the quarter.  Here's the list that I found for October:

Network Infrastructure Router L3 Switch - Version 8, Release 12 - Updated October 26, 2012
Network Perimeter Router L3 Switch - Version 8, Release 12 - Updated October 26, 2012
Network L2 Switch STIG Version 8 Release 12 - Updated October 26, 2012
Network Policy - Version 8, Release 12 - Updated October 26, 2012
Network Other Devices - Version 8, Release 12 - Updated October 26, 2012
IPSEC VPN Gateway STIG, Version 1, Release 3 - Updated October 26, 2012
Network Firewall - Version 8, Release 12 - Updated October 26, 2012
Network IDS/IPS - Version 8, Release 12 - Updated October 26, 2012
Oracle 9 Database STIG, Version 8 Release 1.8 - Updated October 26, 2012
Oracle 10 Database STIG, Version 8 Release 1.9 - Updated October 26, 2012
Oracle 11 Database STIG, Version 8 Release 1.9 - Updated October 26, 2012
McAfee Antivirus Security Guidance - Version 4, Release 7 - Updated October 26, 2012
General Desktop Application STIG Version 4, Release 3 - Updated October 26, 2012
Microsoft Office 2010 STIG Version 1, Release 5 - Updated October 26, 2012
Microsoft Office 2007 STIG - Version 4, Release 9 - Updated October 26, 2012
Microsoft SharePoint 2010 STIG Version 1, Release 2 - Updated October 26, 2012
BlackBerry STIG - Version 2, Release 2 - Updated October 26, 2012
DoD Host Based Security System (HBSS) STIG - Version 4, Release 3 - Updated October 26, 2012
SPAN Keyboard Video Switch (KVM) STIG, Version 2, Release 2 - Updated October 26, 2012
SPAN Multi-Function Device (MFD) and Printer STIG, Version 2, Release 2 - Updated October 26, 2012
SPAN Storage Area Network (SAN) STIG - Version 2, Release 2 - Updated October 26, 2012
REL LAN STIG - Version 1, Release 3 - Updated October 26, 2012
Internet Explorer 6 STIG - Version 4, Release 7 - Updated October 26, 2012
Internet Explorer 7 STIG - Version 4, Release 8 - Updated October 26, 2012
Internet Explorer 8 STIG - Version 1, Release 8 - Updated October 26, 2012
Internet Explorer 8 STIG Benchmark - Version 1, Release 8 - Updated October 26, 2012
Internet Explorer 9 STIG Version 1, Release 3 - Updated October 26, 2012
Mozilla Firefox STIG - Version 4, Release 5 - Updated October 26, 2012
z/OS ACF2 STIG - Version 6, Release 13 - Updated October 26, 2012
z/OS RACF STIG - Version 6, Release 13 - Updated October 26, 2012
z/OS TSS STIG - Version 6, Release 13 - Updated October 26, 2012
zOS SRR Scripts Version 6, Release 13 - Updated October 26, 2012
Windows Vista STIG, Version 6, Release 1.27 - Updated October 26, 2012
Windows Vista STIG Benchmark Version 6, Release 1.27 - Updated October 26, 2012
Windows XP STIG, Version 6, Release 1.27 - Updated October 26, 2012
Windows XP STIG Benchmark Version 6, Release 1.27 - Updated October 26, 2012
Windows 2003 STIG - Version 6, Release 1.27 - Updated October 26, 2012
Windows 2003 DC STIG Benchmark Version 6, Release 1.27 - Updated October 26, 2012
Windows 2003 MS STIG Benchmark Version 6, Release 1.27 - Updated October 26, 2012
Windows 2008 STIG - Version 6, Release 1.20 - Updated October 26, 2012
Windows 2008 DC STIG Benchmark Version 6, Release 1.20 - Updated October 26, 2012
Windows 2008 MS STIG Benchmark Version 6, Release 1.20 - Updated October 26, 2012
Windows 2008 R2 STIG - Version 1, Release 6 - Updated October 26, 2012
Windows 2008 R2 DC STIG Benchmark Version 1, Release 6 - Updated October 26, 2012
Windows 2008 R2 MS STIG Benchmark Version 1, Release 6 - Updated October 26, 2012
Windows 7 STIG - Version 1, Release 10 - Updated October 26, 2012
Windows 7 STIG Benchmark Version 1, Release 14 - Updated October 26, 2012
Gold Disk (*PKI) - Updated October 26, 2012
IAVM to CVE Mapping Spreadsheet - Updated October 26, 2012
Draft Internet Explorer 10 STIG Version 1 - Updated October 24, 2012
2012 STIG TIM and DSAWG Schedule - Updated October 24, 2012
Draft Mobile Policy SRG, Version 1, Release 0.2 - October 19, 2012
STIG Viewer - Version 1.1.2 - October 19, 2012
IAVM 2012 - Benchmark (HBSS Only) (*PKI) - Updated October 15, 2012
Draft Traditional Security STIG - Updated October 15, 2012
Draft Application Server SRG, Version 1, Release 0.2 - Updated October 11, 2012
Mobile OS SRG, Version 1, Release 1 - Updated October 10, 2012

The STIGs with (*PKI) after the name need special credentials.

I noticed that Gold Disk was updated.  I thought I read that this is the last update for Gold Disk.  I have not used it in quite a while, as we have been transitioning to the SCAP Compliance Checker (SCC) for all of our SCAP content.  I do miss the MS Office checks and browser checks that were bundled in Gold Disk.  But, we're finding that scripting out SCC has been meeting our needs.