Security Technical Implementation Guide (STIG) hardening — applying DISA STIGs to Windows systems to meet Department of Defense security baselines and achieve compliance readiness.
Implement and document DISA STIG configurations for Windows environments, transforming default system configurations into hardened, audit-ready baselines. This project demonstrates the ability to interpret STIG requirements, apply technical controls, and verify compliance.
Security Technical Implementation Guides (STIGs) are configuration standards developed by the Defense Information Systems Agency (DISA) for DoD information systems. They define how operating systems, applications, and network devices must be configured to minimize security risk.
| Category | Details |
|---|---|
| STIG Benchmark | Windows Server 2019 / Windows 10 |
| Tool | DISA STIG Viewer, PowerShell |
| Assessment Method | Manual review + automated scripting |
| Compliance Target | CAT I (Critical), CAT II (High), CAT III (Medium) findings |
Download STIG Benchmark → Review Findings in STIG Viewer → Assess Current State → Apply Remediations → Document Evidence → Verify Compliance
- Benchmark Selection — Download applicable STIG from DISA's public library
- Gap Assessment — Use STIG Viewer to identify non-compliant settings (Open findings)
- Remediation Planning — Prioritize by severity category (CAT I first)
- Implementation — Apply registry changes, GPO settings, and security configurations
- Verification — Re-assess to confirm findings are closed
- Documentation — Record findings, remediation steps, and evidence for audit trail
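The assess, remediate, verify and document loop above, as an added PowerShell example that is not part of this project's own scripts: it checks a small set of registry-backed Windows STIG settings, optionally remediates any Open finding, re-assesses, and writes a timestamped evidence CSV. The settings listed are an illustrative subset chosen from general knowledge of the Windows STIG, not taken from this page, so confirm each against the current benchmark in STIG Viewer before relying on it.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the page. Settings below are an assumed subset of Windows STIG
# registry requirements; verify each rule and value against the benchmark in STIG Viewer.
param(
    [switch]$Remediate,
    [string]$EvidencePath = "$env:USERPROFILE\stig-evidence-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
)

$Checks = @(
    @{ Name='NTLMv2 only (LmCompatibilityLevel)';        Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                          Value='LmCompatibilityLevel'; Expected=5 },
    @{ Name='Restrict anonymous SAM enumeration';        Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                          Value='RestrictAnonymousSAM'; Expected=1 },
    @{ Name='Restrict anonymous share enumeration';      Path='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                          Value='RestrictAnonymous';    Expected=1 },
    @{ Name='WDigest plaintext credential caching off';  Path='HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest';    Value='UseLogonCredential';   Expected=0 },
    @{ Name='SMBv1 server disabled';                     Path='HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters';     Value='SMB1';                 Expected=0 },
    @{ Name='Autorun disabled for all drive types';      Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';   Value='NoDriveTypeAutoRun';   Expected=255 },
    @{ Name='Solicited Remote Assistance disabled';      Path='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services';      Value='fAllowToGetHelp';      Expected=0 }
)

function Test-StigSetting {
    param([hashtable]$Check)
    $actual = (Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue).($Check.Value)
    # A missing value is recorded as Open: absence of a setting is not evidence of compliance.
    $status = if ($null -ne $actual -and [int]$actual -eq $Check.Expected) { 'NotAFinding' } else { 'Open' }
    [pscustomobject]@{
        Timestamp = (Get-Date).ToString('s'); Host = $env:COMPUTERNAME; Setting = $Check.Name
        Path = $Check.Path; Value = $Check.Value; Expected = $Check.Expected; Actual = $actual; Status = $status
    }
}

function Set-StigSetting {
    param([hashtable]$Check)
    if (-not (Test-Path $Check.Path)) { New-Item -Path $Check.Path -Force | Out-Null }
    Set-ItemProperty -Path $Check.Path -Name $Check.Value -Value $Check.Expected -Type DWord
}

$results = foreach ($c in $Checks) {
    $before = Test-StigSetting $c
    if ($Remediate -and $before.Status -eq 'Open') {
        Set-StigSetting $c
        # Re-assess after remediation so the evidence row reflects the verified closed state.
        Test-StigSetting $c | Add-Member -NotePropertyName PriorStatus -NotePropertyValue 'Open' -PassThru
    } else {
        $before | Add-Member -NotePropertyName PriorStatus -NotePropertyValue $before.Status -PassThru
    }
}

$results | Export-Csv -Path $EvidencePath -NoTypeInformation
$results | Format-Table Setting, Expected, Actual, PriorStatus, Status -AutoSize
"Open findings: $(@($results | Where-Object Status -eq 'Open').Count); evidence written to $EvidencePath"
```

Run without `-Remediate` for the gap assessment and with it for the implementation step; on domain-joined hosts a value set directly in the registry is overwritten at the next Group Policy refresh, so the lasting fix belongs in the GPO and this script then serves as the verification and evidence step.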
| Category | Severity | Description |
|---|---|---|
| CAT I | High | Vulnerabilities that could directly result in loss of confidentiality, availability, or integrity |
| CAT II | Medium | Vulnerabilities that could result in degraded security posture |
| CAT III | Low | Vulnerabilities that could slightly degrade security measures |
- Account and password policies
- Audit and logging configurations
- User rights assignments
- Registry security settings
- Service and feature hardening
- Windows Firewall configuration
- Remote access restrictions
| Tool | Purpose |
|---|---|
| DISA STIG Viewer | Review and track STIG findings |
| PowerShell | Automate configuration changes |
| Group Policy Editor | Apply security policies |
| Windows Security Baselines | Reference configurations |
| Event Viewer | Verify audit logging compliance |